Create a WPAD Entry in DHCP

  • Article

By default, Forefront TMG in Windows EBS is configured as a server for the Web Proxy Automatic Discovery (WPAD) protocol. Forefront TMG publishes autodiscovery information for the internal network on port 80. Web proxy clients (such as the client Web browser) use the WPAD protocol to obtain a WPAD URL from a DHCP server or a DNS server. The WPAD URL is used to locate a configuration file that is used to configure the settings of the Web proxy client.

By default, the DNS Server service on the Management Server is configured to direct WPAD requests to the Security Server. You can optionally configure WPAD by using the DHCP Server service on the Management Server. A WPAD entry that is configured in DHCP takes precedence over a WPAD entry that is configured in DNS.

You can use the following procedures to:

  • Verify the configuration of Forefront TMG as a WPAD server

  • Create a WPAD entry in the DHCP Server service on the Management Server

To verify the configuration of Forefront Threat Management Gateway as a WPAD server

  1. Log on to the Management Server by using an account that is a member of the Domain Admins group.

  2. Click Start, click All Programs, click Windows Essential Business Server, and then click Windows Essential Business Server Administration Console.

  3. Click the Security tab, click Network firewall, and then in the tasks pane, click Start Forefront Threat Management Gateway console.

  4. In the Windows Security dialog box, type your credentials to connect to the Security Server, and then click OK.

  5. In the Forefront TMG console tree, click Networking.

  6. In the details pane, click the Networks tab, and then click the name of the network where you want to listen for WPAD requests from clients (usually the default Internal network).

  7. On the Tasks tab, click Edit Selected Network.

  8. On the Auto Discovery tab, verify that Publish automatic discovery information for this network is selected.

  9. In Use this port for automatic discovery requests, verify the port on which the Forefront TMG WPAD server listens for WPAD requests from clients. If necessary, type a different port number.

    Note

    If you are using a WPAD entry in DNS, you must publish on port 80. WPAD entries in DHCP can use any port.

To create a WPAD entry in the DHCP Server service

  1. Log on to the Management Server by using an account that is a member of the Domain Admins group.

  2. Click Start, point to Administrative Tools, and then click DHCP.

  3. Expand the name of the Management Server, right-click IPv4, and then click Set Predefined Options.

  4. In the Predefined Options and Values dialog box, click Add.

  5. In the Option Type dialog box, do the following:

    • In Name, type WPAD.

    • In Code, type 252.

    • In Data type, select String, and then click OK.

    • In String, type https://<SecurityServerName>:<PortNumber>/wpad.dat, where SecurityServerName is the fully qualified domain name of your Security Server, and PortNumber is the port on which WPAD information is published in Forefront TMG, and then click OK. (By default in Windows EBS, WPAD information is published on port 80.)

      Note

      Make sure that you use lowercase letters to type wpad.dat.

  6. In the console tree, expand the DHCP scope for which you want to configure WPAD, right-click Scope Options, and then click Configure Options.

  7. Click Advanced, and then in Vendor Class, click Standard Options.

  8. In Available Options, select 252 WPAD, and then click OK.