Configuring the Web Proxy Client
The web proxy client is any system that has been configured to use a proxy for Winsock
applications. This is typically done in the client web browser settings, specifying the IP
address and port number that should be used to access the proxy server. From the ISA
server side, the web proxy configuration is performed by clicking Networks in the
management console to open the Networks configuration screen and then right-clicking
the internal network and selecting Properties, as shown in Figure 8-17.
Figure 8-17. Selecting the Internal Network Properties
[View full size image]
From the Internal Network Properties screen, select the Web Proxy tab and specify
whether to enable web proxy clients (by default, they are enabled) and define the port
number that the clients will connect on. You can click Authentication to define which
users will/will not be permitted access. Figure 8-18 shows the Web Proxy tab.
Figure 8-18. Web Proxy Configuration
Configuring the Firewall Client
Configuring the firewall client is a little bit more involved than the other client
configurations. First, the firewall client must be installed on the client computers. This
can be done in the following manners:
Via file sharing and manually running the installation
Via Active Directory Group Policy
Via silent installation scripts and integration with login scripts
Via Microsoft Systems Management Server (SMS)
During the firewall client installation, you must specify the ISA server that the firewall
client will get its configuration from. This step allows you to manage the firewall client
configuration at a single location, the ISA Server 2004 firewall itself, and ensure that all
firewall clients receive the same configuration settings.
On the ISA server itself, two general firewall client configuration tasks need to be
performed.
Step 1. Configure the general firewall client configurations settings.
Step 2. Configure the firewall client application settings.
The firewall client general configuration is performed in a similar fashion to the web
proxy client configuration. Just right-click the appropriate network in the management
console, choose Properties, and then select the Firewall Client tab, as shown in Figure 8-
19.
Figure 8-19. Firewall Client Tab
Doing so enables you to define settings such as the configuration script that should be
used and whether the client should use a proxy server. In addition, you can specify the
names of domains that the firewall client should not apply to by selecting the Domains
tab and entering the domain name.
The firewall client application settings can be configured by clicking General in the
management console then clicking Define Firewall Client Settings. Doing so launches the
Firewall Client Settings screen, as shown in Figure 8-20. On this screen, you can define
applications that will or will not be permitted to run on the client computer and how
permitted applications will be allowed to communicate on the network. An important
thing to keep in mind is that the application name is a constant; so if the users change the
name of the application (for example, from kazaa.exe to happy.exe), the firewall client
settings no longer apply, because the application name no longer matches the name that
was defined. An alternative is to use third-party products that integrate with Microsoft
ISA Server 2004.
Figure 8-20. Firewall Client Settings Screen
Caching Web Data
Configuring the firewall to cache web data is a straightforward process. In the
management console, navigate to the Cache screen, right-click the server, and choose
Properties to launch the Server Cache Properties screen, as shown in Figure 8-21. Notice
how the Cache icon has a red arrow pointing down, denoting that caching is not currently
enabled.
Figure 8-21. Launching the Cache Properties Screen
[View full size image]