Solved

ISA TMG forefront

Posted on 2011-09-15
5
1,368 Views
Last Modified: 2012-05-12
I have installed ISA server TMG forefront and its all working fine. I would like to force non-domain users to use proxy. I want them to use automatic proxy instead.
I have read about proxy.pac or WPAD. we want students to bring in their own laptops from home and connect to the school's network But we would like to have students bring in their own laptops which obviously will be non-domain laptops and be able to pull the proxy settings some how, so traffic can be filtered.
would anyone be able to help me??

thanks
TPHS
0
Comment
Question by:TePukeHighSchool
  • 2
  • 2
5 Comments
 
LVL 2

Accepted Solution

by:
GRGrayban earned 334 total points
ID: 36547017
Best way to handle this is to have a separate NIC for wireless guests. All wireless access points are connected to this NIC. On the wireless system force gateway to be tmg server.  All users then will be going through proxy without any proxy settings. You can set rules for authenticated users versus all users to decide what guests should be blocked from. We configure our wireless for clients. Because employees like to use our wireless instead of cell service we block our smtp servers from NIC for wireless. This makes sure they will not use our bandwidth for their private use. In short... Two internal nics. One for domain and one for wireless.  Connect rules to either one or both.
0
 
LVL 2

Assisted Solution

by:GRGrayban
GRGrayban earned 334 total points
ID: 36547035
Follow up.set rules for wireless NIC not to allow any traffic anywhere else on the domain. If any shares are set for everyone, they will be able to browse/use. Also on wireless NIC, disable everything but ipv4. No browser services available then to these users. No net view, etc. Also there are 3rd party options to limit bandwidth if necessary. Think of pop up that makes them agree to terms, etc. Like qt Starbucks or other open guest networks.
0
 

Author Comment

by:TePukeHighSchool
ID: 36713310
thanks GRGrayban
so how do I make the users to go through proxy without proxy setting?? I think thats where I need the wpad?? which is what I want to know about. how do I set it up?? and does it work for non-domain users?? or it only works for domain users??

the way I have thing setup is that we have RUCKUS wireless system and I am creating a hotspot service (captive portal) where users are forced to web login using their active directory credentials. the problem at hand is that if I have the proxy setting manually set on the browser, I cannot access the web login page but if I remove it then I can access the page. so the thing here is that I want users to access the internet because after users are sucessfully authenticated, they will be automatically redirected to the school's intranet and from then they should click the intranet icon to web applications and they should have access to the internet. so in a nutshell HOW  DO i GO ABOUT MAKING users with devices that are not part of the domain to HAVE AUTOMATIC PROXY?? how do I configure my TMG to enable this??
0
 
LVL 6

Assisted Solution

by:infoplateform
infoplateform earned 166 total points
ID: 36938797
you can use RADIUS or basic authentication. You can also, fix the IPs for non-domain users and allow that particular IP range as anonymous users.

also check this


http://blogs.technet.com/b/isablog/archive/2006/06/29/439329.aspx

0
 

Author Comment

by:TePukeHighSchool
ID: 36941465
ok.. I will try using RADIUS. I actually have RADIUS installed.
basic authentication...? I have tried using it but it does not seem to work the way I want. because users are still asked authentication before they visit the net.


so in using basic authentication., will users be using automatic proxy?? so how do I set up automatic proxy??

thanks
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question