<

ISA Server - What are the different types of ISA client that can be used?

Published on
11,434 Points
4,834 Views
1 Endorsement
Last Modified:
Approved
There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server

SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its default gateway pointing to the ISA Server internal ip address or routes its default traffic to the ISA server internal ip address.

Web Proxy. A Web Proxy client for ISA server is a client machine, work station or server, that has its browser proxy settings pointing to the ISA IP address and the port set to match the port configured for web proxy traffic in the ISA GUI. The ISA Server default port number for web proxying is 8080.

ISA Firewall client. The ISA firewall client is a separate application supplied with the ISA Server installation media that can be installed on each work station as required. The purpose of the ISA firewall client application is to pass all traffic to ISA server and to carry the user credentials of the looged-in user for applications that, by default, cannot do so. An example would be an FTP client application - FTP packets do not have the ability to carry the user credentials within the data stream; if the ISA Server firewall policy has been set to allowed authenticated users only to use ftp then ISA will receive the initial packets and review its rule base. After seeing that the rule requires authentication, it will deny the request and pass a request back to the client asking for authentication credentials for checking. A normal ftp client will not understand this request and so the packet will not pass further and the connection is denied. With the ISA firewall client installed, the ISA client sees this request for authentication from the ISA Server and will respond with the users credentials on behalf of the ftp application. ISA receives the response, checks against AD and then allows the traffic to pass (assuming the user was a member of the allowed AD group).

Keith Alabaster
ISA MVP
1
Enjoy this complimentary article view.

Get unlimited access to our entire library of technical procedures, guides, and tutorials written by certified industry professionals.

Get 7 days free
Click here to view the full article

Using this article for work? Experts Exchange can benefit your whole team.

Learn More
COLLABORATE WITH CERTIFIED PROFESSIONALS
Experts Exchange is a tech solutions provider where users receive personalized tech help from vetted certified professionals. These industry professionals also write and publish relevant articles on our site.
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Learn from the best.