

ISA TMG forefront

Posted on 2011-09-15
Medium Priority
Last Modified: 2012-05-12
I have installed ISA Server TMG Forefront and it's all working fine. I would like to force non-domain users to use the proxy. I want them to use automatic proxy instead.
I have read about proxy.pac or WPAD. We want students to bring in their own laptops from home and connect to the school's network. But we would like to have students bring in their own laptops, which obviously will be non-domain laptops, and be able to pull the proxy settings somehow, so traffic can be filtered.
Would anyone be able to help me?

Question by:TePukeHighSchool

Accepted Solution

GRGrayban earned 1336 total points
ID: 36547017
Best way to handle this is to have a separate NIC for wireless guests. All wireless access points are connected to this NIC. On the wireless system, force the gateway to be the TMG server. All users will then be going through the proxy without any proxy settings. You can set rules for authenticated users versus all users to decide what guests should be blocked from. We configure our wireless for clients. Because employees like to use our wireless instead of cell service, we block our SMTP servers from the NIC for wireless. This makes sure they will not use our bandwidth for their private use. In short: two internal NICs, one for domain and one for wireless. Connect rules to either one or both.

Assisted Solution

GRGrayban earned 1336 total points
ID: 36547035
Follow up: set rules for the wireless NIC not to allow any traffic anywhere else on the domain. If any shares are set for everyone, they will be able to browse/use them. Also, on the wireless NIC, disable everything but IPv4. No browser services are then available to these users. No net view, etc. Also, there are third-party options to limit bandwidth if necessary. Think of a pop-up that makes them agree to terms, etc., like at Starbucks or other open guest networks.

Author Comment

ID: 36713310
Thanks GRGrayban.
So how do I make the users go through the proxy without proxy settings? I think that's where I need the WPAD, which is what I want to know about. How do I set it up? And does it work for non-domain users, or does it only work for domain users?

The way I have things set up is that we have a RUCKUS wireless system and I am creating a hotspot service (captive portal) where users are forced to web login using their Active Directory credentials. The problem at hand is that if I have the proxy setting manually set on the browser, I cannot access the web login page, but if I remove it then I can access the page. So the thing here is that I want users to access the internet, because after users are successfully authenticated they will be automatically redirected to the school's intranet, and from then they should click the intranet icon to web applications and they should have access to the internet. So in a nutshell, HOW DO I GO ABOUT MAKING users with devices that are not part of the domain HAVE AUTOMATIC PROXY? How do I configure my TMG to enable this?

Assisted Solution

infoplateform earned 664 total points
ID: 36938797
You can use RADIUS or basic authentication. You can also fix the IPs for non-domain users and allow that particular IP range as anonymous users.

also check this



Author Comment

ID: 36941465
OK, I will try using RADIUS. I actually have RADIUS installed.
Basic authentication? I have tried using it but it does not seem to work the way I want, because users are still asked for authentication before they visit the net.

So in using basic authentication, will users be using automatic proxy? And how do I set up automatic proxy?
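
A PAC file of the kind asked about in this thread, as an added example that is not part of the original posts: it sends the captive-portal login page and intranet hosts direct (so a browser with a proxy configured can still reach the web login) and everything else to the TMG proxy. Non-domain clients set to auto-detect proxy settings locate such a file as wpad.dat through DHCP option 252 or a DNS host named wpad. Every host name, the subnet and port 8080 below are placeholders assumed for illustration.

```javascript
// wpad.dat / proxy.pac sketch. Every name, address and port is a placeholder.
var PROXY = "PROXY tmg.school.example:8080";      // assumed TMG web proxy listener
var DIRECT_HOSTS = ["portal.guest.example"];      // assumed captive-portal login host
var DIRECT_SUFFIXES = [".school.example"];        // assumed intranet DNS suffix
var DIRECT_NETS = [["10.20.0.0", "255.255.0.0"]]; // assumed internal subnet

// Old PAC engines (JScript) lack String.prototype.endsWith, so do it by hand.
function hasSuffix(s, suffix) {
  return s.length >= suffix.length &&
         s.substring(s.length - suffix.length) === suffix;
}

// Dotted-quad literal -> unsigned 32-bit number, or null for anything else.
function ipToInt(ip) {
  var parts = ip.split(".");
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i]) || +parts[i] > 255) return null;
    n = n * 256 + (+parts[i]);
  }
  return n;
}

// Literal-only subnet test: unlike the built-in isInNet() it never triggers DNS.
function literalInNet(host, net, mask) {
  var h = ipToInt(host), m = ipToInt(mask), base = ipToInt(net);
  if (h === null || m === null || base === null) return false;
  return ((h & m) >>> 0) === ((base & m) >>> 0);
}

function FindProxyForURL(url, host) {
  var i;
  host = host.toLowerCase();
  if (host.indexOf(".") === -1) return "DIRECT";   // single-label intranet names
  for (i = 0; i < DIRECT_HOSTS.length; i++)
    if (host === DIRECT_HOSTS[i]) return "DIRECT"; // portal must load pre-login
  for (i = 0; i < DIRECT_SUFFIXES.length; i++)
    if (hasSuffix(host, DIRECT_SUFFIXES[i])) return "DIRECT";
  for (i = 0; i < DIRECT_NETS.length; i++)
    if (literalInNet(host, DIRECT_NETS[i][0], DIRECT_NETS[i][1])) return "DIRECT";
  // No "; DIRECT" fallback: if the proxy is down, browsing fails instead of
  // silently bypassing the filter.
  return PROXY;
}
```

A PAC file only advises cooperating browsers, so the gateway and firewall rules from the accepted solution remain what actually forces guest traffic through TMG.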

