Configuring DHCP and DNS for ISA automatic discovery

In this tutorial I will highlight the advantages of having automatic configuration of your ISA web proxy and firewall clients. In a rollout of more than 50 clients this can prove as an incredible time saver helping you to roll out as soon as a user logs into a machine that has internet explorer already preinstalled.

When using ISA in a medium to large sized operation it is beneficial to the business that minimal time is utilized rolling out clients. More effort should be focused on the integrity of the ISA server and its services. In these environments it can be extremely advantageous to auto configure the ISA clients seamlessly. This strategy will not only reduce helpdesk calls but also ensure that a standard is followed throughout the organization, saving you time and money.

The auto discovery process

Firewall clients

  1. A Winsock request is made and the client connects to the DNS/DHCP server.
  2. The DNS/DHCP server has a Wpad entry pointing to a Wpad server (ISA Server computer).
  3. Firewall client request is then quenched by the server that client is redirected to.

Web Proxy clients only IE5 and higher

  1. A Web request is made the client connects to the DNS/DHCP server.
  2. The DNS/DHCP server has a Wpad entry pointing to a Wpad server (ISA Server computer).
  3. Web proxy client request is then quenched by the server that client is redirected to.

DHCP automatic discovery configuration

1. On the server that has DHCP running on it and click the DHCP manager.

2. In the DHCP MMC right-click the respective DHCP server, then select and click Set Predefined Options.

 

3. Now click add. This screen reflects where you will be able to configure new DHCP options that will give a new angle in dynamically assigning IP addresses of respective servers that that are in fact running ISA server.

4. In the Name field type Wpad, in the data type drop down box you must select string then in the code field type in 252 and give the option type a descriptive name. Now click ok. Then click Ok again.

5. You should now be presented with this window. In the general tab under the available options box scroll to WPAD and select it. In the String value you should type in  http://the name of the ISA server: the Auto Discovery PortNumber/Wpad.dat.  A typical string will look like this: Http://ISA.network.com:80/wpad.dat

6. Right-click Server options and then click configure options to confirm your settings.

Configuring DNS for auto discovery of ISA

This part of the article assumes that you have already configured your DNS server to at least have a forward lookup zone, and that you have access to the server that has DNS installed on it.

1. Click on the DNS icon to open the DNS MMC on the windows 2000 server that has DNS installed on it.

 

2. Right click on the respective forward lookup zone.

3. Now click New Alias.

 

4. In Alias name, type Wpad and then in the fully qualified name for target host text field type in the FQDN of the ISA server. Then click ok.

You have now successfully configured two methods of contacting the ISA server. Please note that the client also needs to be enabled for auto configuration, to enable it to auto detect the settings that it needs to contact the respective ISA server.

Summary

In an ever changing environment it is essential to save time. Auto configuration of the ISA server client can prove to be an effective tool if used as intended. It is a good idea to get to grips with this tool because it will really change the way that clients interact with ISA making rolling out of ISA clients less of a painstaking task in large rollouts.

About Ricky M. Magalhaes

Ricky M. Magalhaes is a security specialist that has worked as a consultant and IT technical specialist for the past 8 years. He has been primarily responsible for implementation and design of Security, network architecture, communications, network infrastructure and Security R&D for many South African organizations that he works with. He is a windows 9x product specialist and has been working with the windows product since version win 3.11. He has also written articles on security for www.windowsecurity.com ; www.ISAserver.org ; www.governmentsecurity.com and many other well known security and technology websites.

Click here for Ricky M. Magalhaes's section.

Share this article

Receive all the latest articles by email!

Get all articles delivered directly to your mailbox as and when they are released on ISAserver.org! Choose between receiving instant updates with the Real-Time Article Update, or a monthly summary with the Monthly Article Update. Sign up to the ISAserver.org Monthly Newsletter, written by ISA expert Dr. Tom Shinder, containing news, the hottest tips, ISA links of the month and much more. Subscribe today and don't miss a thing!



Receive all the latest articles by email!

Receive Real-Time & Monthly ISAserver.org article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become an ISAserver.org member!

Discuss your ISA Server issues with thousands of other ISA Server experts. Click here to join!

Solution Center

Readers' Choice

Which is your preferred ISA Server Content Security solution?