ISA TMG forefront

Posted on 2011-09-15
Last Modified: 2012-05-12
I have installed ISA server TMG forefront and it's all working fine. I would like to force non-domain users to use proxy. I want them to use automatic proxy instead.
I have read about proxy.pac or WPAD. We want students to bring in their own laptops from home and connect to the school's network. But we would like to have students bring in their own laptops, which obviously will be non-domain laptops, and be able to pull the proxy settings somehow, so traffic can be filtered.
Would anyone be able to help me?

Question by:TePukeHighSchool
Accepted Solution

GRGrayban earned 334 total points
ID: 36547017
Best way to handle this is to have a separate NIC for wireless guests. All wireless access points are connected to this NIC. On the wireless system, force the gateway to be the TMG server. All users will then be going through the proxy without any proxy settings. You can set rules for authenticated users versus all users to decide what guests should be blocked from. We configure our wireless for clients. Because employees like to use our wireless instead of cell service, we block our SMTP servers from the NIC for wireless. This makes sure they will not use our bandwidth for their private use. In short... two internal NICs. One for domain and one for wireless. Connect rules to either one or both.

Assisted Solution

GRGrayban earned 334 total points
ID: 36547035
Follow up: set rules for the wireless NIC not to allow any traffic anywhere else on the domain. If any shares are set for everyone, they will be able to browse/use. Also on the wireless NIC, disable everything but IPv4. No browser services are available then to these users. No net view, etc. Also there are 3rd party options to limit bandwidth if necessary. Think of a pop-up that makes them agree to terms, etc. Like at Starbucks or other open guest networks.

Author Comment

ID: 36713310
Thanks GRGrayban.
So how do I make the users go through the proxy without proxy settings? I think that's where I need the WPAD, which is what I want to know about. How do I set it up? And does it work for non-domain users, or does it only work for domain users?

The way I have things set up is that we have a RUCKUS wireless system and I am creating a hotspot service (captive portal) where users are forced to web login using their Active Directory credentials. The problem at hand is that if I have the proxy setting manually set on the browser, I cannot access the web login page, but if I remove it then I can access the page. So the thing here is that I want users to access the internet, because after users are successfully authenticated, they will be automatically redirected to the school's intranet, and from then they should click the intranet icon to web applications and they should have access to the internet. So in a nutshell, HOW DO I GO ABOUT MAKING users with devices that are not part of the domain HAVE AUTOMATIC PROXY? How do I configure my TMG to enable this?
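Added example, not part of the original thread: a proxy.pac file (the same script a WPAD server hands out as wpad.dat) for the captive-portal conflict described in the comment above. It returns DIRECT for the web login page and intranet hosts and sends everything else to the TMG web proxy; the host names, DNS suffix, proxy address and port are placeholder assumptions.

```javascript
// Added example PAC file. Every name and address below is a placeholder
// (assumption), not a value taken from the thread.
var PORTAL_HOST = "portal.school.example";    // captive-portal web login
var INTERNAL_SUFFIX = ".school.example";      // intranet DNS suffix
var PROXY = "PROXY tmg.school.example:8080";  // TMG web proxy listener

// True for dotted-quad literals in RFC 1918 or loopback ranges.
// Pure string logic, so the browser does no DNS lookup to decide.
function isPrivateIPv4Literal(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  if (a > 255 || b > 255 || Number(m[3]) > 255 || Number(m[4]) > 255) {
    return false;
  }
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Suffix match that requires the leading dot, so "evilschool.example"
// does not count as an internal host.
function hasSuffix(host, suffix) {
  return host.length >= suffix.length &&
         host.slice(host.length - suffix.length) === suffix;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (host === PORTAL_HOST) return "DIRECT";         // login page must load before auth
  if (host.indexOf(".") === -1) return "DIRECT";     // plain intranet names
  if (hasSuffix(host, INTERNAL_SUFFIX)) return "DIRECT";
  if (isPrivateIPv4Literal(host)) return "DIRECT";
  // No "; DIRECT" fallback: if the proxy is unreachable the request fails
  // instead of leaving unfiltered.
  return PROXY;
}
```

A non-domain browser only applies this script when automatic detection is enabled or the PAC URL is entered, so the gateway and firewall rules from the accepted solution remain the enforcement point.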

Assisted Solution

infoplateform earned 166 total points
ID: 36938797
You can use RADIUS or basic authentication. You can also fix the IPs for non-domain users and allow that particular IP range as anonymous users.

also check this


Author Comment

ID: 36941465
OK, I will try using RADIUS. I actually have RADIUS installed.
Basic authentication? I have tried using it but it does not seem to work the way I want, because users are still asked for authentication before they visit the net.

So in using basic authentication, will users be using automatic proxy? So how do I set up automatic proxy?


Question has a verified solution.