Hello All,

I have a question regarding force tunneling in DA 2012. 

I want to know whether we can force the traffic to go the internal proxy server for a particular website. I don't want to enable the force tunneling for all the traffic, just want to enable it for few site. 

-Ashish

Hi,

The force tunneling force all trafic to go  into the DirectAccess tunnels. DirectAccess operate at computer/user level, It does not operate at Proxy level.

Hello There,

As mentioned by other expert, we do not have a Interface via DA to do this.

however you can achieve the same by editing GPO directly -- do not edit the GPO created by DA wizard directly, as it might get over written at the next Activation.

Instead duplicate the DA's GPO and its security settings and edit them

You can also check this out.

https://social.technet.microsoft.com/Forums/forefront/en-US/d3c6fb5e-f006-45f4-ab7d-c0f720fc473f/directaccess-for-1-single-fqdn?forum=forefrontedgeiag

• Edited by Vasu Deva 19 hours 44 minutes ago

Hello There,

As mentioned by other expert, we do not have a Interface via DA to do this.

however you can achieve the same by editing GPO directly -- do not edit the GPO created by DA wizard directly, as it might get over written at the next Activation.

Instead duplicate the DA's GPO and its security settings and edit them

You can also check this out.

https://social.technet.microsoft.com/Forums/forefront/en-US/d3c6fb5e-f006-45f4-ab7d-c0f720fc473f/directaccess-for-1-single-fqdn?forum=forefrontedgeiag

• Edited by Vasu Deva Friday, April 17, 2015 11:38 AM

Hello There,

As mentioned by other expert, we do not have a Interface via DA to do this.

however you can achieve the same by editing GPO directly -- do not edit the GPO created by DA wizard directly, as it might get over written at the next Activation.

Instead duplicate the DA's GPO and its security settings and edit them

You can also check this out.

https://social.technet.microsoft.com/Forums/forefront/en-US/d3c6fb5e-f006-45f4-ab7d-c0f720fc473f/directaccess-for-1-single-fqdn?forum=forefrontedgeiag

• Edited by Vasu Deva Friday, April 17, 2015 11:38 AM

Hello There,

As mentioned by other expert, we do not have a Interface via DA to do this.

however you can achieve the same by editing GPO directly -- do not edit the GPO created by DA wizard directly, as it might get over written at the next Activation.

Instead duplicate the DA's GPO and its security settings and edit them

You can also check this out.

https://social.technet.microsoft.com/Forums/forefront/en-US/d3c6fb5e-f006-45f4-ab7d-c0f720fc473f/directaccess-for-1-single-fqdn?forum=forefrontedgeiag

• Edited by Vasu Deva Friday, April 17, 2015 11:38 AM

I have a further question in regards to force tunneling. I have configured the direct access 2012 to make use of the force tunneling and i have configured to make use of the internal proxy server. Now i want to add the exception for the site that have been hosted externally and we dont want to route the traffic through the DA tunnel for those particular site. I have added the exception entries in the NRTP table. But i still see the traffic flowing from the direct access tunnel? Is this the normal behavior? Or how can we setup the nrtp exception entries in force tunneling mode? we can't remove the force tunneling as it is a security requirement?

-Ashish

 

Hi,

Force tunneling isolation mecanism rely on a GPO parameter in Computer configuration\Administrative Template\Network\Network connections\Route all traffic, ... If you overide it with a GPO of yours you may (not tested) be able to have NRPT exception working.