Follow the configuration instructions for the Explicit Deployment scenario, but with the following
differences:
■
Ensure that your ISA/TMG server is between the clients and your Web Appliance.
■
Ensure that your ISA/TMG server is configured to pass traffic through the Web Appliance if it
is configured in an Explicit Deployment.
■
Ensure that your Active Directory server, if you are using one, is located on the network side,
between your clients (users) and your ISA/TMG server. The ISA/TMG server must also be
configured to allow communications between your Web Appliance and your Active Directory
server.
Note: Web Appliance policy will be applied to users authenticated by the Active Directory
server using the pre-Windows 2000 format DOMAIN\username only.
■
If the ISA/TMG plug-in is installed, enter the IP address of the downstream ISA/TMG server
in the Accept authentication from downstream ISA/TMG servers section on the
Configuration > Network > Hostname page.
Note: A simple way to set up load balancing amongst multiple Web Appliances is to set up a
DNS round robin scheme. If you do this, you should disable DNS caching because Windows DNS
caching can mask the round robin effect.To disable Windows DNS caching, see the Microsoft
Support article http://support.microsoft.com/kb/318803.You must ensure that you have a firewall
with network address translation (NAT), but not an ISA or TMG server in firewall mode, between
the Web Appliances and the internet.This firewall must be configured to present a single IP for
the Web Appliances to the sites on the internet.The NAT, or IP masquerading, prevents sites
that check and record the IP address of visitors in cookies from encountering multiple IP addresses.
Note: Explaining how to configure an ISA/TMG Server is beyond the scope of this documentation.
For details on ISA/TMG Server configuration, see the Microsoft ISA Server Deployment page or
the Microsoft Forefront TMG Deployment page.
Related tasks
Existing Cache Deployment on page 35
Related information
Disabling Client-Side DNS Caching
Microsoft ISA Server Deployment
Microsoft Forefront TMG Deployment
2.3.2 Transparent Deployment
This deployment involves configuring the firewall or router to route all port 80 and port 443 traffic
to the Web Appliance. In this mode, web traffic filtering is transparent to users. Unlike Explicit
Deployment, you are not required to configure end user browsers.
■
Inspects HTTP and HTTPS traffic.
■
Only the firewall and/or the router requires configuration.
■
If it fails, only the firewall and/or the router must be reconfigured.
Operation
Sophos Web Appliance | Getting Started | 29
To Next Page
Loading...
Need help?
General
