Ok. Let me rephrase what is happening, what we have done, and what I want to achieve. We have the GPO setting the Auto Detect Proxy Setting in IE. We don't grey it out, so users CAN uncheck it and go around the proxy. When we use the auto detect setting, end users don't always go to the proxy. Debugs on the PIX Firewalls at all remote locations where we are forcing the users to use the Proxy Server here in Atlanta via a VPN connection indicate that for a period of time the users will initiate web connections to the proxy over port 3128. However, invariably, the end users end up sending traffic directly to the websites and the firewall, which doesn't allow users to make calls to say 209.73.186.238, drops the traffic. If I go into the endusers browser and hard code the location of the PAC file in their browser, everything works. But by doing this, they won't be able to surf the web unless they are VPN'd into our network or they go into their browser settings and remove the PAC configuration and that isn't acceptable in our environment. Our end user population is made up almost entirely of Accountants, so they aren't savvy enough to make these types of configuration changes. Additionally, our VP treats the endusers with kid gloves and doesn't ask them to do anything IT related no matter how remedial. Having said all of this, what I need to understand is why would the browsers ignore the proxy when Auto Detect Settings is selected and not ignore the proxy when the location of the PAC is hard coded. From a a layer 1-4 perspective, I can't see where this is network related. Hope this helps. Thanks in advance for your responses. Regards, Eric Watters Network Engineer PRG Schultz Desk: 770.779.3318 Cell: 404.247.0646
