If you’ve been following, I’ve recently been playing with Forefront Threat Management Gateway 2010, the “new” ISA Server.
Now, for all intents and purposes, everything is configured correctly. There’s a virtual IP for the proxy array (let’s say, 192.168.0.10), and the WPAD file is published, and contains the IP addresses of both proxies (let’s say, 192.168.0.11 and 12). The DNS and DHCP records are created, pointing clients to http://wpad/wpad.dat
If I configure IE to point directly to the proxy’s virtual IP or its statically configured DNS A record, it all works fine.
Something’s not right. Internet Explorer successfully picks up the WPAD file, but from there, it doesn’t work. Why?
Well, after days of trying to figure it out, it turns out to be something very obvious. The client PCs I’m using are in different VLANs.
Connecting via telnet to the virtual IP on port 80 works fine, but connecting to the individual proxies in the array times out.
I guess I have to open up the firewall to allow port 80 to the individual proxies!
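The telnet check above can be scripted so that every proxy named in the WPAD file is probed from the client's VLAN in one go. This is an added example, not part of the original post: the PAC body is a constructed sample using the post's example addresses (a real TMG-generated wpad.dat looks different), and the function names are hypothetical.

```python
import re
import socket

# Constructed sample PAC body, not a real TMG wpad.dat; addresses are the post's examples.
SAMPLE_PAC = '''
function FindProxyForURL(url, host) {
    if (isPlainHostName(host)) return "DIRECT";
    return "PROXY 192.168.0.11:80; PROXY 192.168.0.12:80; DIRECT";
}
'''

# Matches "PROXY host:port" directives; entries without an explicit port are skipped.
PROXY_RE = re.compile(r'\bPROXY\s+([A-Za-z0-9.\-]+):(\d{1,5})')

def extract_proxies(pac_text):
    """Return the unique (host, port) pairs named in PROXY directives, in order."""
    found = []
    for host, port in PROXY_RE.findall(pac_text):
        entry = (host, int(port))
        if entry not in found:
            found.append(entry)
    return found

def probe(host, port, timeout=3.0):
    """TCP connect test, like 'telnet host port'.

    'timeout' usually means a firewall or ACL silently drops the traffic;
    'refused' means the host answered but nothing listens on that port.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "error"

def check_pac(pac_text, timeout=3.0):
    """Probe every proxy the PAC file can hand out; returns {"host:port": state}."""
    return {f"{h}:{p}": probe(h, p, timeout) for h, p in extract_proxies(pac_text)}

if __name__ == "__main__":
    # In practice, pass the body downloaded from http://wpad/wpad.dat instead.
    for target, state in check_pac(SAMPLE_PAC).items():
        print(f"{target:22} {state}")
```

Run it from a client in each VLAN: any proxy that reports `timeout` while the virtual IP works is one the clients will be sent to but cannot reach.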