Microsoft KB Archive/309814

= How To Configure Firewall and Web Proxy Client Autodiscovery in Windows 2000 =

Article ID: 309814

Article Last Modified on 10/30/2006


APPLIES TO


 * Microsoft Windows 2000 Server




This article was previously published under Q309814



IN THIS TASK
SUMMARY
 * Configure the DNS and the DHCP Server
 * Configure the Firewall Client and the Web Proxy Client
 * Configure ISA Server Autodiscovery

REFERENCES



SUMMARY
ISA Server supports several client types, including Web Proxy client computers and Firewall client computers. You can configure a CERN-compliant browser to be a Web Proxy client. Web Proxy client browsers send Hypertext Transfer Protocol (HTTP) requests directly to the Web Proxy service on the computer that is running ISA Server. Computers that have Firewall Client installed are called Firewall clients. Firewall clients forward Winsock requests directly to the Firewall service on the ISA Server computer.

You can manually configure both the Web Proxy client and the Firewall client with the Internet Protocol (IP) address or the computer name of the ISA Server computer. However, if you manually configure the address for the Web Proxy client and the Firewall client for mobile users, the users may find this configuration cumbersome. Both client types support Autoconfiguration. When you configure the Web Proxy and Firewall client to use Autodiscovery, mobile users do not need to manually reconfigure client settings. This article describes how to configure Autodiscovery for a Firewall client and the Web Proxy client.


DNS and DHCP Server Configuration
Web Proxy and Firewall clients can use either a DHCP server or a DNS server to obtain Autoconfiguration information.

To configure the DNS server to send the Autoconfiguration URL to the Web Proxy and Firewall client:
 * 1) Start the DNS snap-in.
 * 2) In the console tree, click your server name, and then click Forward Lookup Zones.
 * 3) Right-click the forward lookup zone that you want to support Web Proxy and Firewall client Autoconfiguration, and then click New Alias.
 * 4) Type wpad in the Alias name box.
 * 5) Type the fully qualified domain name (FQDN) of the ISA Server computer's internal interface. Use the Browse button to minimize the chance of making an error.

NOTE: The ISA Server computer must already have a Host (A) address record before you create an Alias (CNAME) record.
 * 6) Click OK.

To configure the DHCP server to send the Autoconfiguration URL to the Web Proxy and Firewall client:
 * 1) Start the DHCP snap-in.
 * 2) Right-click the DHCP name, and then click Set Predefined Options.
 * 3) Click Add.
 * 4) Type wpad in the Name box.
 * 5) Click String in the Data Type box.
 * 6) Type 252 in the Code box.
 * 7) Click OK.
 * 8) Type http:// /wpad.dat in the String box in the Predefined Option and Values dialog box.
 * 9) Click OK.

If you configure a WPAD alias in DNS, the string value is:

http://wpad/wpad.dat

If you have not configured a WPAD alias in DNS, the string value is:

http:// /wpad.dat

NOTE: ISA Server processes Autodiscovery requests on port 80. Unless this port has been changed, the port number that you enter in the configuration for option 252 is the default of 80. It is not recommended to access Autodiscovery information through the Web Proxy port, or to make the Autodiscovery port the same as the Web Proxy port, because Autodiscovery can fail if user-based authentication is enforced. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

305204 Clients That Use an Automatic Configuration Script May Not Work Because of Proxy Authentication
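
The following check is an added example, not part of the original article and not Microsoft code. It parses the options field of a DHCP reply, extracts option 252, and reports when the URL does not end in /wpad.dat or uses the same port as the Web Proxy service. The sample option bytes, the host name isa.example.test, and the proxy_port default of 8080 are assumptions made for the example.

```python
from urllib.parse import urlsplit

WPAD_OPTION = 252  # code typed in the Code box in the DHCP steps above

def parse_dhcp_options(raw):
    """Walk a DHCP options field: code, length, value (RFC 2132 layout)."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:  # End option
            break
        if code == 0:  # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value  # repeated codes concatenate
        i += 2 + length
    return opts

def check_wpad_option(raw, proxy_port=8080):
    """Return findings for option 252; an empty list means it looks right.
    proxy_port is an assumption: pass your own Web Proxy listener port."""
    opts = parse_dhcp_options(raw)
    if WPAD_OPTION not in opts:
        return ["option 252 not offered"]
    # Some DHCP servers append a NUL terminator to string options.
    url = opts[WPAD_OPTION].rstrip(b"\x00").decode("ascii", "replace")
    parts = urlsplit(url)
    findings = []
    if parts.scheme != "http" or not parts.hostname:
        findings.append(f"not an http URL with a host: {url!r}")
    if parts.path.lower() != "/wpad.dat":
        findings.append(f"path is {parts.path!r}, expected /wpad.dat")
    if (parts.port or 80) == proxy_port:  # no explicit port means 80
        findings.append("autodiscovery port equals the Web Proxy port")
    return findings

def opt(code, value):
    return bytes([code, len(value)]) + value

# Constructed sample option fields (not captured traffic).
GOOD = opt(53, b"\x05") + opt(252, b"http://wpad/wpad.dat") + b"\xff"
SAME_PORT = opt(252, b"http://isa.example.test:8080/wpad.dat\x00") + b"\xff"
```
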


Firewall Client and Web Proxy Client Configuration
To configure the Web Proxy client browser to automatically detect its settings:
 * 1) Start Internet Explorer 5.0 or later.
 * 2) On the Tools menu, click Internet Options.
 * 3) Click the Connections tab.
 * 4) Click LAN Settings.
 * 5) Click to select the Automatically detect settings check box, click OK, and then click OK again.

To configure the Firewall client to automatically detect settings:
 * 1) Open Control Panel, and then double-click Firewall Client.
 * 2) Click to select the Automatically detect ISA server check box.
 * 3) Click Update Now, and then click OK.

NOTE: The Autodiscovery feature is not supported on Windows 95 and Windows NT 4.0 Workstation clients.


How to Configure ISA Server Autodiscovery
By default, ISA Server publishes Autodiscovery information on port 80 of its internal interface. To change the port number if you do not want to use port 80 to publish Autodiscovery information:
 * 1) Start the ISA Management snap-in.
 * 2) Right-click your server or array.
 * 3) Click the Autodiscovery tab, and then verify that the Publish automatic discovery information option is selected.
 * 4) Change the port from 80 to an alternative port, and then click OK.
 * 5) Click Save the changes and restart the service(s) to restart the Web Proxy service.

NOTE: The computer can fall back on other configurations if the Firewall and Web Proxy clients are not able to automatically detect the ISA Server computer. For example, if the Web Proxy client is not able to automatically detect the ISA Server computer, it can still take advantage of a SecureNAT configuration if you gave the computer a default gateway that can route Internet-bound requests to the internal interface of the ISA Server computer.


