Options
ISA2006/TMG2010 port 80 issue
Hi
I have a issue with TMG proxy server on my network. It is joined to our parent domain and is working well serving proxy clients on port 8080.
We have not installed the TMG/ISA client on any workstations but rely on Group policy to enforce proxy settings to clients.
My problem is that being a school we have found some students have brought in laptops from home. They cannot connect to our wireless infrastructure due to its security configuration. BUT they have been disconnecting ethernet cables and plugging them into the home laptops. Our DHCP server is supplying them a Gateway IP of our core switch/ISA server and they then get web access with out a proxy.
If I change our DHCP gateway address, I can fix the problem, but Windows 7 then complains that it cant find the internet. Even though it can surf via a proxy and still access internal servers ok. (its juts the annoying network icon on bottom rhs thats an issue).
Currently ISA allows access for all domain users to its web access policy/rule. I have changed this to "authenticated users" but non proxy users can still browse.
Basically I want ISA to block web access on port 80 for all internal clients and allow web access via its proxy server only. Students do not know our proxy name and setting as the IE tabs are hidden on all student internal computers.
It should be a simple problem, but I am currently stumped.
I have a issue with TMG proxy server on my network. It is joined to our parent domain and is working well serving proxy clients on port 8080.
We have not installed the TMG/ISA client on any workstations but rely on Group policy to enforce proxy settings to clients.
My problem is that being a school we have found some students have brought in laptops from home. They cannot connect to our wireless infrastructure due to its security configuration. BUT they have been disconnecting ethernet cables and plugging them into the home laptops. Our DHCP server is supplying them a Gateway IP of our core switch/ISA server and they then get web access with out a proxy.
If I change our DHCP gateway address, I can fix the problem, but Windows 7 then complains that it cant find the internet. Even though it can surf via a proxy and still access internal servers ok. (its juts the annoying network icon on bottom rhs thats an issue).
Currently ISA allows access for all domain users to its web access policy/rule. I have changed this to "authenticated users" but non proxy users can still browse.
Basically I want ISA to block web access on port 80 for all internal clients and allow web access via its proxy server only. Students do not know our proxy name and setting as the IE tabs are hidden on all student internal computers.
It should be a simple problem, but I am currently stumped.
Isn't Bill such a Great Guy!!!!
Comments
-
Options
Hyper-Me
Banned Posts: 2,059
ISA can't do anything unless a computer is forced to go through it, through one of the various methods.
It sounds like you need to move the ISA server to be the primary incoming connection for web traffic into that building (in front of the router). This would remove the need to enforce proxy settings via group policy (which gets hairy with "other" OS's anyway) and force everything through ISA/TMG.