Suraj Singh's information Security Blog

For people who work on information Security.

By pass ISA/TMG server Part 2

By pass ISA/TMG server Part 2

  • Comments 3
  • Likes

For Direct access to work or in other words if you want to By pass the ISA/TMG server for certain websites using configuration on the ISA/TMG server then we need to understand this process in little more detail.

let us first see what options we have on the Browser for proxy settings.

In the Proxy settings on the right side window we have area marked with red circle and area marked with blue circle

a. Area in Red is for automatic configuration.

b. Area in blue is manual proxy settings.

Now we know how browser can be configured for proxy settings, we can discuss the possible ways to By pass the ISA/TMG server.

There two possible ways.

1. Manualy configure browser to by pass ISA/TMG server.

2. Configuration on ISA/TMG server to allow web proxy clients to by pass the ISA/TMG server.

Manual configuration

This is the simplest way, here we manualy enter the proxy server(ISA/TMG server) name or Ip address in the browser as shown below

We want to bypass ISA/TMG server for www.abc.com to do that in manual approach we will click on advanced button in the above window

as shown below we will get the second window which has section exception there we would add *.abc.com; as marked.

 Then save the settings on the browser , we should be able to bypass the ISA/TMG server while accessing www.abc.com

Bypass using Configuration on the ISA server

 This option requires us to put couple of things in place before we can start using it, as explained later in this section.In order to use this option we would have to use Automatic detect settings(automatic configuration) of the browser proxy settings marked red in fig 1. which I m showing below again

i.e. we will check auto detect settings in the proxy settings. And on ISA server we would have *.abc.com/* in the direct access configuration under the web browser tab of internal network properties.

But for autodetect setting to work we need to configure web proxy auto detect on DHCP or DNS server and Publish Automatic Discovery Information on the ISA/TMG server as described in following technet article

http://technet.microsoft.com/en-us/library/cc713344.aspx in detail.

Important parts from above  article

To configure DHCP for WPAD

or configure DNS

 

Publish Automatic Discovery Information on the ISA/TMG server

 Above although says ISA server 2004 but concept is same for ISA server 2006 and TMG 2010. Once we have setup DHCP/DNS with WPAD and published Automatic Discovery Information, we should be able to access internet using autodetect settings in the browser(web proxy client with auto detect) and should be able to bypass ISA/TMG server while accessing www.abc.com.

Bypass ISA/TMG part 3 we will discuss the logic behind what we have discussed above.

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment