https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39787#M29178 <HTML><HEAD></HEAD><BODY><P>Within GP, you can push the default route 0.0.0.0/0 to the clients and all traffic will be routed back to the GP gateway.&nbsp; If you want port 80 traffic to hit your WebSense, you could configure Policy Based Forwarding (PBF) on the PA device to send port 80 traffic to WebSense.&nbsp; Thanks.</P></BODY></HTML> Fri, 10 Feb 2012 19:50:33 GMT rmonvon 2012-02-10T19:50:33Z https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39780#M29171 <HTML><HEAD></HEAD><BODY><P>Seeing since there is no support to push down client proxy settings via GP - does anyone know if we can set up a DHCP scope for SSL VPN clients that has/allows for option 252 WPAD support?</P><P></P><P>Thanks</P><P></P><P>Rod</P></BODY></HTML> Wed, 08 Feb 2012 09:46:04 GMT https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39780#M29171 djrodb 2012-02-08T09:46:04Z https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39781#M29172 <HTML><HEAD></HEAD><BODY><P>You mean having the PAN acting as a DHCP-server for your clients?</P></BODY></HTML> Thu, 09 Feb 2012 08:30:36 GMT https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39781#M29172 mikand 2012-02-09T08:30:36Z https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39782#M29173 <HTML><HEAD></HEAD><BODY><P>Hi - Thanks for responding.</P><P></P><P>Yes having an option for wpad that's configurable via the dhcp or IP pool option.</P><P></P><P>For example we have a laptop that connects via GP or Cisco VPN client. The laptop gets an IP address from the IP pool however the laptop doesn't know the correct proxy address and therfore can't access the interent via our internal network.</P><P></P><P>With CIsco ASA's and PIX's you could specify an address for the proxy that was downloaded to the client. There is no feature with GP that supports this funciton.</P><P></P><P>Thanks</P><P></P><P>Rod</P></BODY></HTML> Thu, 09 Feb 2012 09:49:36 GMT https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39782#M29173 djrodb 2012-02-09T09:49:36Z https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39783#M29174 <HTML><HEAD></HEAD><BODY><P>I dont know if the built in dhcpserver of PAN have support for option 252 today. Sounds like you should contact your sales rep with a feature request regarding this.</P><P></P><P>Another method to inform the client of which proxy to use is to send this info through an AD-policy if you use AD for your internal network.</P></BODY></HTML> Thu, 09 Feb 2012 09:55:09 GMT https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39783#M29174 mikand 2012-02-09T09:55:09Z https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39784#M29175 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>Thanks for your response.</P><P></P><P>I've contacted our sales rep and requested this feature to be included in future updates.</P><P></P><P>Re AD - there is no way to achieve this without invoking some sort of trigger to run the AD policy on the remote clients. This is something I want to stay clear off.</P><P></P><P>Regards</P><P></P><P>Rod</P></BODY></HTML> Fri, 10 Feb 2012 14:16:29 GMT https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39784#M29175 djrodb 2012-02-10T14:16:29Z https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39785#M29176 <HTML><HEAD></HEAD><BODY><P>GlobalProtect doesn't provide this option at this point. We also don't use DHCP to assign IP addresses or any other network parameters to the GlobalProtect Agents. Just out of curiousity, why do you need to proxy remote access connections to your intranet? If it is for access control, I suppose App-ID and user authentication would give you the tools needed.</P></BODY></HTML> Fri, 10 Feb 2012 18:26:29 GMT https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39785#M29176 mwalter 2012-02-10T18:26:29Z https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39786#M29177 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>Thanks for the reply. I need to assign a proxy to all remote clients so that all Internet traffic (when connected through GP) is routed via in internal Websense server. Split tunnelling isn't an option and all http traffic must pass though the WEbsense box.</P><P></P><P>As we use WEbsense and external radius servers for authentication we haven't needed to use user authentication. </P><P></P><P>I've asked our reseller to pass this onto PA as a feature request,</P><P></P><P>Rod</P></BODY></HTML> Fri, 10 Feb 2012 19:43:48 GMT https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39786#M29177 djrodb 2012-02-10T19:43:48Z https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39787#M29178 <HTML><HEAD></HEAD><BODY><P>Within GP, you can push the default route 0.0.0.0/0 to the clients and all traffic will be routed back to the GP gateway.&nbsp; If you want port 80 traffic to hit your WebSense, you could configure Policy Based Forwarding (PBF) on the PA device to send port 80 traffic to WebSense.&nbsp; Thanks.</P></BODY></HTML> Fri, 10 Feb 2012 19:50:33 GMT https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39787#M29178 rmonvon 2012-02-10T19:50:33Z https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39788#M29179 <HTML><HEAD></HEAD><BODY><P>Fantastic, thanks for the advice. Will try it out on Monday.</P><P></P><P>Rod</P></BODY></HTML> Fri, 10 Feb 2012 20:24:54 GMT https://live.paloaltonetworks.com/t5/general-topics/dhcp-option-252-wpad/m-p/39788#M29179 djrodb 2012-02-10T20:24:54Z