"I would like to be able to do this without manually reconfiguring the "Internet setting" on hostA browser."

How are the browsers set up to use the existing ISA proxy? There are three ways:

1. "Automatically detect settings" - uses a DNS entry beginning with "wpad." as in wpad.ourcompany.com. The computer name also must be set up as fully qualified when you look at it in My Computer. If DHCP is used to assign IP addresses, you must pass the default DNS domain in DHCP. That's because the browser tries to go to "wpad.whatever default DNS domain it finds".

Alternatively you can use a DHCP Option 252 setting, but that requires the client to have local admin rights.

2. "Use automatic configuration script" - This downloads a script from ISA named "wpad.dat" that is used to automatically configure the browser. The script would be entered as "http://wpad.ourcompany.com:8080/array.dll?Get.Routing.Script"; although many implementations use the ISA computer name and not the fully qualified domain name. The wpad.dat script is created automatically when you configure ISA.

I use both of the above on all computers.

The third way is to use the "Proxy Server" settings and hard code the IP address and port. This is the least desirable way because it forces 100% of all traffic through the ISA server unless you manually set exceptions on each computer. It also prevents laptops off the network from browsing the Internet because the proxy server is unavailable.


Whatever way your computers are using, you'll need to take into consideration how it finds the ISA server.

HTH,

Ray
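
The "automatic configuration script" in option 2 is a JavaScript file whose FindProxyForURL function the browser calls for every request. The sketch below is an added example, not part of the original post and not the wpad.dat that ISA generates; it shows how such a script sends internal destinations direct and lists DIRECT as a fallback when the proxy is unreachable, which hard-coded proxy settings cannot do. The proxy name isa.ourcompany.com, its port and the internal ranges are assumptions.

```javascript
// Added example: a hand-written PAC script of the kind a browser fetches as wpad.dat.
// It is not the script ISA generates. Host names and networks are assumptions.
var PROXY_CHAIN = "PROXY isa.ourcompany.com:8080; DIRECT"; // hypothetical ISA host
var INTERNAL_SUFFIX = ".ourcompany.com";                   // DNS domain used on the page
var INTERNAL_NETS = [                                      // constructed sample ranges
  ["10.0.0.0", "255.0.0.0"],
  ["192.168.0.0", "255.255.0.0"],
  ["127.0.0.0", "255.0.0.0"]
];

// Dotted-quad string to unsigned 32-bit integer, or null if not an IPv4 literal.
function ipToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is an IPv4 literal inside net/mask.
function inNet(host, net, mask) {
  var h = ipToInt(host), n = ipToInt(net), k = ipToInt(mask);
  if (h === null || n === null || k === null) return false;
  return ((h & k) >>> 0) === ((n & k) >>> 0);
}

// Entry point the browser calls for each request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (host.indexOf(".") === -1) return "DIRECT"; // unqualified intranet name
  // Compare with the leading dot so "notourcompany.com" does not count as internal.
  if (host === INTERNAL_SUFFIX.slice(1) ||
      host.slice(-INTERNAL_SUFFIX.length) === INTERNAL_SUFFIX) return "DIRECT";
  for (var i = 0; i < INTERNAL_NETS.length; i++) {
    if (inNet(host, INTERNAL_NETS[i][0], INTERNAL_NETS[i][1])) return "DIRECT";
  }
  return PROXY_CHAIN; // proxy first; DIRECT only if the proxy cannot be reached
}
```

The script makes no DNS lookups, so it behaves the same on and off the corporate network.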


From: cisco4ng <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
To: [email protected]
Subject: [FW-1] Checkpoint and Microsoft ISA Server 2004 transparent proxying
Date: Fri, 29 Dec 2006 15:51:07 -0800

A customer asked me this but I don't know the answer to this.  Can someone
help?

hostA----------------------------|
                                 |
         Local LAN_X             |-----CheckpointNGx----Internet
                                 |
Microsoft Proxy Server hostB-----|



HostA wants to browse the Internet via the browser.  HostA default
gateway is the CheckpointNGx internal interface.  CheckpointNGx is
doing either "hide" or static NAT for localLAN_X.

I would like to configure the Checkpoint firewall so that when
hostA initiates a connection via the browser to the Internet, it will
go to the CP firewall first.  CP firewall will then re-direct
that connection to the Proxy Server hostB.  I would like to be
able to do this without manually reconfiguring the "Internet
setting" on hostA browser.  This is called transparent proxying.
In other words, hostA is being redirected to the proxy server hostB
without knowing anything about it.  The Proxy Server hostB will
do the Web Proxy http/https connection for hostA.

Can it be done with Checkpoint?  If so, how?  Thanks.  I cannot
change the flow of the traffic or the design.  This is what the
customer wants.  My job is to implement it.

cisco4ng



=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
