Enabling Web Proxy Clients for Direct Access
Enabling direct access for Web Proxy clients that do not have Firewall Client software installed consists of the following:
- In ISA Server Management, specify the list of IP address ranges, computers, and sites that should be accessed directly by clients. The specified list is sent to the Web browser in the automatic configuration script.
- Configure Internet Explorer to use the automatic configuration script containing the direct access list. Internet Explorer can either be configured to automatically detect ISA Server configuration settings, by means of a Web Proxy Automatic Discovery (WPAD) entry in DNS or DHCP, or you can manually specify the location of the configuration script.
Note the following:
- In normal circumstances, requests from Web Proxy clients going through ISA Server are resolved by ISA Server on behalf of the client. For direct access destinations, Web Proxy clients must be able to do name resolution themselves, and will need a DNS server specified in TCP/IP properties for the client computer. For published resources, clients must be able to resolve the name of the published resource to an internal IP address.
- Client computers configured as Web Proxy clients only will require an access rule allowing anonymous access to the direct access site without requiring authentication. Place the rule above other rules requiring authentication for the same protocol.