It works fine if we manually configure the location of the PAC file in the browser. However, our end users (about 2000 of them) won't go for having to uncheck that option if we push it out by GPO. I hadn't had any luck googling the symptoms so I was hoping somebody on the list may have experienced this issue. We never noticed it before because we hadn't been locking down the firewalls very tight. So when we started forcing people through the proxy we didn't realize the issue because they would just go out direct to the web if they didn't go to the proxy. With the Default Deny, if they initate any traffic to any Non-RFC 1918 space the traffic is dropped. So that is when we noticed the issue. Thoughts ? Regards, Eric Watters Network Engineer PRG Schultz Desk: 770.779.3318 Cell: 404.247.0646 eric.watters@xxxxxxxx 07/25/2006 02:03 PM To squid-users@xxxxxxxxxxxxxxx cc Subject XP IE 6.x Machines Ignoring Proxy - Squid 2.5.14 Hello All........I have been rolling out a "Default Deny" policy on all my remotely connected VPN Sites. This policy drops all non RFC-1918 IP space at the remote locations firewall. We are auto-detecting via Group Policy. The endusers have no problem resolving wpad EVER. They can ping wpad all the time. However, half the time these users are going directly to the web instead of the proxy. Consequently, unless I allow outbound http and https access on the remote firewalls access-list applied to the internal interface (remote LAN facing), I get inconsistent web access. "Page Cannot Be Displayed" a LOT of the time. This happens EVERYWHERE meaning all the remote locations I have made the firewall change. I will locate a user experiencing this issue and will debug on the remote firewall for their web traffic. What I see is that for a few seconds the end user makes calls to the Virtual Address on the Load Balancers at our corporate office (as designed) and then suddenly see a flurry of traffic trying to access the Public IP's of say........hotmail.com or yahoo.com. I am stumped and have no idea why this is happening. Regards, Eric Watters Network Engineer PRG Schultz Desk: 770.779.3318 Cell: 404.247.0646
