ISA TMG forefront

Posted on 2011-09-15
Medium Priority
Last Modified: 2012-05-12
I have installed ISA server TMG forefront and its all working fine. I would like to force non-domain users to use proxy. I want them to use automatic proxy instead.
I have read about proxy.pac or WPAD. we want students to bring in their own laptops from home and connect to the school's network But we would like to have students bring in their own laptops which obviously will be non-domain laptops and be able to pull the proxy settings some how, so traffic can be filtered.
would anyone be able to help me??

Question by:TePukeHighSchool
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Accepted Solution

GRGrayban earned 1336 total points
ID: 36547017
Best way to handle this is to have a separate NIC for wireless guests. All wireless access points are connected to this NIC. On the wireless system force gateway to be tmg server.  All users then will be going through proxy without any proxy settings. You can set rules for authenticated users versus all users to decide what guests should be blocked from. We configure our wireless for clients. Because employees like to use our wireless instead of cell service we block our smtp servers from NIC for wireless. This makes sure they will not use our bandwidth for their private use. In short... Two internal nics. One for domain and one for wireless.  Connect rules to either one or both.

Assisted Solution

GRGrayban earned 1336 total points
ID: 36547035
Follow up.set rules for wireless NIC not to allow any traffic anywhere else on the domain. If any shares are set for everyone, they will be able to browse/use. Also on wireless NIC, disable everything but ipv4. No browser services available then to these users. No net view, etc. Also there are 3rd party options to limit bandwidth if necessary. Think of pop up that makes them agree to terms, etc. Like qt Starbucks or other open guest networks.

Author Comment

ID: 36713310
thanks GRGrayban
so how do I make the users to go through proxy without proxy setting?? I think thats where I need the wpad?? which is what I want to know about. how do I set it up?? and does it work for non-domain users?? or it only works for domain users??

the way I have thing setup is that we have RUCKUS wireless system and I am creating a hotspot service (captive portal) where users are forced to web login using their active directory credentials. the problem at hand is that if I have the proxy setting manually set on the browser, I cannot access the web login page but if I remove it then I can access the page. so the thing here is that I want users to access the internet because after users are sucessfully authenticated, they will be automatically redirected to the school's intranet and from then they should click the intranet icon to web applications and they should have access to the internet. so in a nutshell HOW  DO i GO ABOUT MAKING users with devices that are not part of the domain to HAVE AUTOMATIC PROXY?? how do I configure my TMG to enable this??

Assisted Solution

infoplateform earned 664 total points
ID: 36938797
you can use RADIUS or basic authentication. You can also, fix the IPs for non-domain users and allow that particular IP range as anonymous users.

also check this



Author Comment

ID: 36941465
ok.. I will try using RADIUS. I actually have RADIUS installed.
basic authentication...? I have tried using it but it does not seem to work the way I want. because users are still asked authentication before they visit the net.

so in using basic authentication., will users be using automatic proxy?? so how do I set up automatic proxy??


Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question