Avatar of ICGIT
ICGIT
Flag for undefined asked on

Tablet and Phone Issues with Isa 2006

There are several wireless routers installed in our network, to give users the possibility to access the internet with their laptops. With the recent popularity of tablets, and the fact that we use ISA firewall client to restrict unauthorized users from accessing the internet, we are faced with the fact that he tablets and also phones, cannot gain access to the internet.

I am aware of the rule creating, based on IP address or MAC address, but in our organization people comeand go on a daily bases and a registering mac addresses will not solve the issue.

Thanks in Advance

jt
Microsoft Forefront ISA Server

Avatar of undefined
Last Comment
ICGIT

8/22/2022 - Mon
Rob Knight

Hi,

Could you use DHCP and Proxy auto-configuration scripts to assign Proxy settings to the tablets and smartphones?

Regards,


RobMobility.
ienaxxx

You can use softwares like ProxyDroid to setup proxy for navigating through the proxy using tablet and phones, if the O.S. doesn't provide a way to set proxy settings (like Android does).

Elseway you should configure a transparent proxy for your network. This involves forwarding all :80 requests to the :8080 port of your proxy.

HTH. Bye!
ICGIT

ASKER
Sorry for the ignorance, but I do not understand the issuance of scripts to the tablets or smartphones. How do you distinguish between a pc tablet or smart phone once issued a lease by DHCP ?

Also the :80 requests are not clear.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
pwindell

Short of some kind of Proxy App the phones will only operate as SecureNAT Clients (meaning anonymous) unless the built in browser has a place to enter "proxy settings" and a place to enter "proxy credentials".  Without a place to enter the credentials it will just get denied by the proxy.

The "Pads",...I only poked at an iPAD once and it had a place to put in both "proxy settings" and "proxy credentials" however the stupid thing would still have problems authenticating.  For every web page that you opened you would still get a prompt for credentials in-spite of entering the credentials in the settings,...yet you could just "cancel" the prompt and it would go ahead and work,...usually for every web page it would prompt three times and you could just hit "cancel" three times and it would work.  So the credentials entered into the settings worked,...it just wasn't neat and clean.

Protocols beyond HTTP and HTTPS
For any other protocols beyond HTTP and HTTPS your only option is for it to operate as a SecureNAT Client,...there is no way you are going to install any Winsock Client on it that will operate with the ISA/TMG Firewall Server (aka Winsock Proxy Service) and be able to handle the authentication.

These Phones and Pads (particularly the Pads) are just "Laptop Wanabee" Toys,...they cost as must as a cheaper laptop but they won't even do half as much as a Laptop.   The keyboard "add-ons" might make them "look" like a laptop,...but it doesn't change what they are.   They are just crap,...over-market,...under-deliver,...get the people to buy them,...run to the bank with the money.
pwindell

Could you use DHCP and Proxy auto-configuration scripts to assign Proxy settings to the tablets and smartphones?
Regards,
RobMobility.


That won't get it to authenticate.  If they follow the WPAD standard they will correctly "find" the proxy,...but they will not authenticate properly,..or at least automatically.
ICGIT

ASKER
I agree fully, however we serve government officials that are ignorant to the fact that the latest gadgets are not always the most adequate.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
pwindell

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
pwindell

It isn't that much different then Linux running on PCs.  It was the same old story as that until Likewise-Open and some other similar products came out that gave Linux the ability to join a Domain and do a Single signon without having to create a local user account to mirror the domain account.
ICGIT

ASKER
Hahaha I get yourpoint. Eventhough I did not get a solution, I got the answer I was looking for. Unfortunately I can't use your comments as support material, but at least I know I am not the only one who is of this opinion.
pwindell

I just found this earlier this morning...while digging for Linux related stuff..

Check with a company called Centrify
http://www.centrify.com/

Watch the video on the page called "Introducing DirectControl for Mobile".  It seemed interesting.  Even if none if it solves your current problem,...it may help with problems I am quite sure you will eventually have if the Executives and Governemt Officials keep hitting us with the BYOD stuff.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
ICGIT

ASKER
Thanks for the info. Good luck !!