That is the plan we are going to move to eventually, but for now it's manually set
through the group policy.

Let me give you a little bit more of a layout.


site1-<>vpn<>internet<>main office
site2-<>vpn<>internet<>-^
site3-<>vpn<>internet<>-^

As you can see, we don't have a single Internet Firewall. If it was all in one
location then yeah, that would be easy to do, but we are split up across multiple
locations.

Behm, Jeffrey L. wrote:
> For one client of ours, we blocked all outbound port 80 traffic at the
> Internet firewall (with some exceptions, as usual!), and then use an
> "automatic configuration script" that is on the HTTP proxy. When the
> browser fires up on the end-user PC, it first contacts the proxy server
> to retrieve the .pac file (auto config script), and based on where it is
> headed and/or where it came from, it is directed to one of three HTTP
> proxy servers. Using the auto config script allows us to centrally
> manage where PCs go for web surfing (via changes to the .pac file). It's
> the block of direct port 80 access at the Internet firewall that
> "forces" the PCs to comply with use of the script. I guess they could
> do manual entry of the proxy settings, but most end users don't quite
> get how to do that. Additionally, use of active directory group policy
> "resets" the proxy settings on a regular basis to "force" use of the .pac
> file.
>
> Here's a Microsoft Technet article on Automatic Proxy.
> http://www.microsoft.com/technet/pro...rv/reskit/ierk
> /Ch21_b.mspx?mfr=true
> It talks about using Automatic Configuration and Automatic Proxy. We are
> using the latter only. The proxy you are directed to does not *have* to
> be a Microsoft proxy. We have some traffic head to a squid proxy on a
> Solaris machine (long story).
>
> Hope this helps,
> Jeff
>
> -----Original Message-----
> From: firewall-wizards-bounces@listserv.icsalabs.com
> [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of
> Craig Van Tassle
> Sent: Tuesday, October 17, 2006 10:36 AM
> To: Firewall Wizards Security Mailing List
> Subject: [fw-wiz] Forcing All Web traffice thew a remote proxy.
>
> I have several sites and I would like to force all traffic through a remote
> proxy at one site. I was thinking of setting up some form of NAT rules for
> pushing everything through our proxy.
>
> How would something like that be implemented? Or what are other thoughts?
>
> Thanks,
> Craig


_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards
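
A sketch of the kind of .pac file described in the quoted reply, written for a three-site layout like the one above. This is an added example, not a script from either poster; the subnets, the internal domain suffix and the proxy host names and ports are all constructed placeholders.

```javascript
// Constructed values: subnets, domain suffix and proxy names are placeholders.
var SITE_PROXIES = [
  { net: "10.1.0.0", bits: 16, proxy: "PROXY proxy-a.corp.example:8080" },
  { net: "10.2.0.0", bits: 16, proxy: "PROXY proxy-b.corp.example:8080" },
  { net: "10.3.0.0", bits: 16, proxy: "PROXY proxy-c.corp.example:3128" }
];
var FALLBACK = "PROXY proxy-a.corp.example:8080";
var INTERNAL_SUFFIX = ".corp.example";

// Dotted quad -> unsigned 32-bit integer, or null if not a valid IPv4 literal.
function ipToInt(ip) {
  var p = String(ip).split(".");
  if (p.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(p[i]) || Number(p[i]) > 255) return null;
    n = n * 256 + Number(p[i]);
  }
  return n;
}

// True when ip falls inside net/bits (avoids 32-bit bitwise sign issues).
function inSubnet(ip, net, bits) {
  var a = ipToInt(ip), b = ipToInt(net);
  if (a === null || b === null) return false;
  var size = Math.pow(2, 32 - bits);
  return Math.floor(a / size) === Math.floor(b / size);
}

// Decide from the destination host ("where it is headed") and the
// client address ("where it came from").
function chooseProxy(host, clientIp) {
  host = String(host).toLowerCase();
  var internal = host.indexOf(".") === -1 ||
    host.slice(-INTERNAL_SUFFIX.length) === INTERNAL_SUFFIX;
  if (internal) return "DIRECT";
  for (var i = 0; i < SITE_PROXIES.length; i++) {
    var s = SITE_PROXIES[i];
    if (inSubnet(clientIp, s.net, s.bits)) return s.proxy;
  }
  return FALLBACK; // unknown source address: still a proxy, never DIRECT
}

// Entry point the browser calls; myIpAddress() is a standard PAC helper.
function FindProxyForURL(url, host) {
  return chooseProxy(host, myIpAddress());
}
```

On multi-homed or VPN-attached clients `myIpAddress()` may return an address outside every listed subnet, which is why the unknown-source branch returns a proxy rather than `DIRECT`.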