Configuring Firewall clients for automatic detection

  • Article

Configure Firewall Clients for automatic detection

For ease of deployment, when you configure Firewall client support on a Microsoft Forefront Threat Management Gateway network, you can configure the network properties to enable Web browsers on Firewall client computers in the network to use automatic discovery, either by using WPAD or a static configuration script.

These settings are applied when Firewall Client software is installed on client computers. If you later make changes to Firewall client configuration settings on the Forefront TMG computer, Forefront TMG automatically updates configuration settings as follows:

  • Each time Firewall Client is restarted.
  • Each time Detect Now or Test Server is clicked on the Settings tab in the Microsoft Firewall Client management console on the client computer.
  • Every six hours after the previous refresh.

Settings are applied to all users on the Firewall client computer.

Configuring the browser on a Firewall client computer to use WPAD

  1. In console tree of Forefront TMG Management, click Networking.
  2. In the details pane, click the Networks tab, and then select the applicable network (usually Internal).
  3. On the Tasks tab, click Edit Selected Network.
  4. Ensure that Enable Firewall client support is selected on the Firewall Client tab, and on the Auto Discovery tab, select Automatically detect settings.

Configuring the browser on a Firewall client computer to use a static configuration script

  1. In the console tree of Forefront TMG Management, click Networking.
  2. In the details pane, click the Networks tab, and then select the applicable network (usually Internal).
  3. On the Tasks tab, click Edit Selected Network.
  4. Ensure that Enable Firewall client support is selected on the Firewall Client tab, and on the Auto Discovery tab, select Use automatic configuration script.
  5. Select one of the following:
    • Use default URL. Forefront TMG provides a default configuration script at the location https://FQDN:8080/array.dll?Get.Routing.Script, where the FQDN is that of the Forefront TMG computer. This script contains the settings specified on the Web Browser tab of the network properties.
    • Use custom URL. As an alternative to the default script, you can construct your own Proxy Auto-Configuration (PAC) file and place it on a Web server. When the client Web browser looks for the script at the specified URL, the Web server receives the request and returns the custom script to the client.