ISA Clients, What are reasons to use the firewall client?

microsoft.public.isa.clients - Microsoft Internet Security and Acceleration


ISA Clients >> What are reasons to use the firewall client?

by R3JlZw » Fri, 07 Nov 2008 23:20:07 GMT

I'd like to see what the ISA Firewall Client would provide as far as benefits
in the following scenario...

LAN network protected by ISA, various items published through it:
SharePoint, Exchange 2007, OWA, etc

External clients with laptops on the domain currently don't use ISA client,
and published apps work fine.

What would the ISA Firewall Client improve, if anything?

Thanks for any info,
Greg
Top

ISA Clients >> What are reasons to use the firewall client?

by Phillip Windell » Sat, 08 Nov 2008 00:25:39 GMT



For Laptops that leave the building,...if you ever expect things to work
like it should you need to configure the LAN for Automatic Proxy Detection
via WPAD,...using both DHCP and DNS.

All machines that ever operate with browser proxy settings or with the
Firewall Client software need to use autodetection. If you don't you, will
never get the flexability you will need.


The 3 "Client Types" all have different abilities and limitations,...you
have to use all 3 types at the same time for full functionality.

Internal Client Concepts in ISA Server 2006
http://technet.microsoft.com/en-us/library/bb794762.aspx


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436 (TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433 (TechNet.10).aspx

Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
Top

ISA Clients >> What are reasons to use the firewall client?

by R3JlZw » Sat, 08 Nov 2008 00:42:03 GMT

Hey Phillip, thanks for the reply.

So for internal clients it seems there are lots of options and configuration
details.
But for EXTERNAL clients, which pretty much is the only item I am focusing
on now, there is no ISA client needed, nor benefits to gain from installing
any plug-ins?
Top

ISA Clients >> What are reasons to use the firewall client?

by Phillip Windell » Sat, 08 Nov 2008 02:55:11 GMT


There is really no such thing as an external client,...ISA's "services" are
not exteneded to external machines beyond Publishing services. If you mean
Remote Access VPN Clients,...they are not external,...physical geography
doesn't mean anything. VPN Clients are a "type" of internal client in the
sense that they can use ISA client services, but they exist in their own
special logical network called "VPN Clients Network" within the ISA.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Top

ISA Clients >> What are reasons to use the firewall client?

by R3JlZw » Sat, 08 Nov 2008 03:11:02 GMT

OK, I guess that answers it, thanks.

Assumption: for laptops connecting remotely to ISA published applications,
there is no benefit/need to install the ISA Firewall Client on those laptops.
Top

ISA Clients >> What are reasons to use the firewall client?

by Phillip Windell » Sat, 03 Jan 2009 05:10:24 GMT

jan" < XXXX@XXXXX.COM > wrote in message
news:% XXXX@XXXXX.COM ...

It is not a matter of "improving" anything. It is a matter of
functionality,...something working -vs- something not working.

Web Proxy Clients. This one is not a machine, it is an
Application,...typically it is a Web Browser, but can be any application
that operates on the same principles as a web browser and either has its own
"proxy settings" or can "borrow" from the Browser's proxy settings. The Web
Proxy Service on ISA is a CERN Compliant Web Proxy Service and follows the
CERN implementation of such. It will handle only the following Protocols:
HTTP, HTTPS, FTP-over-HTTP (downloads only, no uploads), and Gopher.
The Web Proxy Service is capable of authenticating users to determine
access.

Firewall Client (aka. Winsock Proxy Clients). This one is also not a
machine, it is an Application,...any Application that communicates over
Winsock using either TCP or UDP. It is based on the standard of a Winsock
Proxy Service. It can use only protocols that are based on TCP or UDP. It
will not do ICMP, GRE, etc. IT is capable of authenticating users to
determin access. It operates transparently via the Firewall Client software
(formerly the Winsock Proxy Client software) which runs as a Winsock Layered
Service Provider. This allows any Application to use it without being
"aware" that it is usung a "proxy". The Firewall Client software also acts
as an Application Filter by managing the communication session of even
complext Protocols which would otherwise fail.

SecureNAT Clients. This type is the opposite of the others,...it is not an
Application,..it is the client machine itself. This operates in the same
manner as typical Hardware Firewalls by just simply having the ISA within
the "routing path" between the Client and the Internet. This one can work
with Protocols beyond TCP and UDP, such as ICMP and GRE. However for
complex Protocols it requires an Application Filter to be installed on the
ISA for the particular Protocol. It is also limited by the fact the it
cannot authenticate users, so all comunication is anonymous. It operates
primarily at Layers3&4.

Internal Client Concepts in ISA Server 2006
http://technet.microsoft.com/en-us/library/bb898433(TechNet.10).aspx

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436(TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433(TechNet.10).aspx

Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------


Top

ISA Clients >> What are reasons to use the firewall client?

by R3JlZw » Sat, 03 Jan 2009 06:11:01 GMT

Thanks for that lengthy explanation of the different types of protocol
communication that applications may/may not have here, but I am just trying
to get a simple answer to a simple question. I am thinking I don't need the
answer any longer, but just have never installed the ISA Firewall Client, and
figured maybe it would be useful.

I want to know that for publishing Outlook Anywhere, OWA, SharePoint, and
similar items... does this ISA Firewall Client help in anyway?

Basically a yes or no is all I'm now looking for. If no, then I will be
perfectly happy.
Top

ISA Clients >> What are reasons to use the firewall client?

by jan » Sat, 03 Jan 2009 07:18:33 GMT


benefits
client,
Top

ISA Clients >> What are reasons to use the firewall client?

by Phillip Windell » Sun, 04 Jan 2009 01:06:32 GMT


You may not think so now, but it is important to know what the three types
really are, how they really work, and what their real capabilities are in
order to determine if you really need them for anything.


Publishing has nothing to do with Client Types because the "client" in a
publishing scenario is the user out on the Public Internet. However the
Machine hosting the Published Service is almost always a SecureNAT Client.

So,....No,...you don't use the Firewall Client on the OA, OWA, SharePoint
Server


There ya' go...

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436 (TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433 (TechNet.10).aspx

Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
Top
Similar Threads

1. FTP client access issues using firewall client - ISA Configuration

2. Citrix client receives 403 error when using firewall client to ISA 

I have added a new Citrix server to my farm.  For some 
reason, whenever users attempt to access a web site 
through ISA using the firewall client, they receive a 403 
error denying them access to the site (all sites on the 
Internet).  When browsing the web at the console on the 
SAME server, I have no problems.  Also, none of the other 
servers in the farm with the same configuration have this 
issue.  

HELP!! Thanks :)

3. Allowing certain applications to bypass ISA using Firewall Client - ISA Clients

4. FTP dir-list problems by using Firewall Client ISA 2000 

Clients who have ISA server 2000 Firewall Client configured in their 
computers, have reported that they have problems for listing files when they 
connect to some FTP sites. In other sites it doesn't happen. No matter what 
ftp client they use, this behavior repeats itself. 

I verified this by accessing to a site where the problem appears and I 
realized that when I connect directly (without using firewall client) I can 
list files, which doesn't happen when I connect through Firewall Client.

Why could this happen for some sites?

Does anybody know how to correct this?

Thanks forward for your help.

5. ISA client behind ISA firewall using cisco VPN to esablish telnet - ISA Clients

6. Using Firewall Client outside network 

We have notebooks running Firewall Client. They work correctly when they are
in ISA Network. I wanted to know if it were possible to configure the ISA
firewall client in stand-alone mode (not connect to ISA Server)?

Tanks

Vignus

7. windows update failed using ISA firewall client - ISA Clients

8. windows update failed using ISA firewall client