Setting up Automatic Discovery of ISA for Firewall Clients

Enable Autodetection in ISA

1. In the console tree of ISA Server Management, click Firewall Policy.

2. In the details pane, select the applicable network (usually Internal).

3. On the Tasks tab, click Edit Selected Network.

4. On the Auto Discovery tab, select Publish automatic discovery information.

5. Check the “Firewall Client” tab and verify that you are using FQDNs

Configure DNS

1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.

2. In the console tree, right-click the applicable forward lookup zone and click New Alias.

3. In Alias name, type WPAD.

4. In Fully qualified name for target host, type the fully qualified domain name (FQDN) of the WPAD server.

Note
The ISA Server computer or array needs a host (A) record defined before you can create an Alias entry. If a host (A) record is defined, you can click Browse to search the DNS namespace for the ISA Server computer.

Configure DHCP

1. Click Start, point to Programs, point to Administrative Tools, and then click DHCP.

2. In the console tree, right-click the applicable DHCP server, click Set Predefined Options, and then click Add.

3. In Name, type WPAD.

4. In Code, type 252.

5. In Data type, select String, and then click OK.

6. In String, type http://Computer_Name:Port/wpad.dat where:

Computer_Name is the fully qualified domain name of the ISA Server computer.

Port is the port number on which automatic discovery information is published. You can specify any port number. By default ISA Server publishes automatic discovery information on port 8080.

7. Right-click Server options, and then click Configure options.

8. Confirm that the Option 252 check box is selected.

Notes:

When you specify the Option 252 string, be sure to use lowercase letters when typing wpad.dat. For example, if you type http://isaserver:8080/Wpad.dat, the request will fail. ISA Server uses wpad.dat and is case-sensitive. For more information, see article 252898, “HOW TO: Enable Proxy Autodiscovery in Windows 2000,” in the Microsoft Knowledge Base.

You do not need to create anything specifically for Wspad.dat. Wspad.dat uses the same 252 option as wpad.dat, and modifies the wpad.dat name to Wspad.dat as required.

To configure an Option 252 entry for a DCHP scope, do the following.

1. Click Start, point to Programs, point to Administrative Tools, and then click DHCP. Right-click Scope Options, and then click Configure Options.

2. Click Advanced, and then in Vendor Class, click Standard Options.

3. In Available Options, select the 252 Proxy Autodiscovery check box, and then click OK.

 

Troubleshooting

1. Verify that you are using FQDN

2. Use Firewall Client Tool to test autodiscovery

 

Links
http://www.microsoft.com/technet/isa/2004/plan/automaticdiscovery.mspx

http://www.microsoft.com/technet/isa/2004/plan/troubleshooting_fwc.mspx

http://www.microsoft.com/downloads/details.aspx?familyid=f20f6267-273d-4870-b1e8-799b261b4786&displaylang=en

http://www.isaserver.org/tutorials/Configuring_Automatic_Discovery_for_ISA_Server_Clients.html

http://www.isaserver.org/tutorials/Configuring-DHCP-DNS-automatic-discovery.html

Leave a Reply