[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


ISA Server - What are the different types of ISA client that can be used?

Published on
11,356 Points
1 Endorsement
Last Modified:
There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server

SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its default gateway pointing to the ISA Server internal ip address or routes its default traffic to the ISA server internal ip address.

Web Proxy. A Web Proxy client for ISA server is a client machine, work station or server, that has its browser proxy settings pointing to the ISA IP address and the port set to match the port configured for web proxy traffic in the ISA GUI. The ISA Server default port number for web proxying is 8080.

ISA Firewall client. The ISA firewall client is a separate application supplied with the ISA Server installation media that can be installed on each work station as required. The purpose of the ISA firewall client application is to pass all traffic to ISA server and to carry the user credentials of the looged-in user for applications that, by default, cannot do so. An example would be an FTP client application - FTP packets do not have the ability to carry the user credentials within the data stream; if the ISA Server firewall policy has been set to allowed authenticated users only to use ftp then ISA will receive the initial packets and review its rule base. After seeing that the rule requires authentication, it will deny the request and pass a request back to the client asking for authentication credentials for checking. A normal ftp client will not understand this request and so the packet will not pass further and the connection is denied. With the ISA firewall client installed, the ISA client sees this request for authentication from the ISA Server and will respond with the users credentials on behalf of the ftp application. ISA receives the response, checks against AD and then allows the traffic to pass (assuming the user was a member of the allowed AD group).

Keith Alabaster

Featured Post

Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Join & Write a Comment

Basic Overview of office 365 user portal
There are many cases found where ScanPST.exe fails to repair corrupt Outlook PST File. When user tries to repair PST using Inbox Repair tool and it throws below error: •      Inbox Repair tool does not recognize the file •      ScanPST.exe hangs in betwee…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month