Our community of experts have been thoroughly vetted for their expertise and industry experience.
Browse All Articles > ISA Server - What are the different types of ISA client that can be used?
There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server
SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its default gateway pointing to the ISA Server internal ip address or routes its default traffic to the ISA server internal ip address.
Web Proxy. A Web Proxy client for ISA server is a client machine, work station or server, that has its browser proxy settings pointing to the ISA IP address and the port set to match the port configured for web proxy traffic in the ISA GUI. The ISA Server default port number for web proxying is 8080.
ISA Firewall client. The ISA firewall client is a separate application supplied with the ISA Server installation media that can be installed on each work station as required. The purpose of the ISA firewall client application is to pass all traffic to ISA server and to carry the user credentials of the looged-in user for applications that, by default, cannot do so. An example would be an FTP client application - FTP packets do not have the ability to carry the user credentials within the data stream; if the ISA Server firewall policy has been set to allowed authenticated users only to use ftp then ISA will receive the initial packets and review its rule base. After seeing that the rule requires authentication, it will deny the request and pass a request back to the client asking for authentication credentials for checking. A normal ftp client will not understand this request and so the packet will not pass further and the connection is denied. With the ISA firewall client installed, the ISA client sees this request for authentication from the ISA Server and will respond with the users credentials on behalf of the ftp application. ISA receives the response, checks against AD and then allows the traffic to pass (assuming the user was a member of the allowed AD group).