In the first few times, we talked about the "Firewall Client", "Secure NAT client Mode" in the three kinds of clients in Tmg/isa today, let's talk about the third type of client mode "Web Proxy client". So let's take a look at what the Web Proxy client sends the client application or computer's port to the server port.
1, port 80 on the ISA server computer.
2 the port that ISA server uses to listen for outgoing WEB requests from the network on which the client computer resides. By default, ISA server listens on port 8080 for outgoing WEB requests from clients on the internal network.
Typically, a Web proxy client is a Web browser application that complies with HTTP 1.1, and its proxy settings are configured to send Web requests to the ISA/TMG server. Firewall clients and SecureNAT clients that have configured Web proxy settings can also issue Web requests like Web Proxy clients.
Therefore, you can enable the default internal network of the ISA/TMG server and the user-defined internal and perimeter network to listen for requests from WEB Proxy clients. You can configure network properties that apply to all Web Proxy clients in your network. If the computer on which your Web browser resides does not have Firewall Client software installed, these settings apply when you enable automatic detection of Web browsers or configure the location of automatic configuration scripts for your Web browser.
Let's take a look at the options for Web browser settings that can be applied to Web Proxy clients.
| Set up | Location in ISA server Management | More information |
| Enable WEB Proxy client connections for this network | On the Web Proxy tab in the Network Properties page | Enable the network to listen for requests from WEB Proxy clients. |
| Do not use proxies for Web servers in this network | On the Web Browser tab in the Network Properties page | Specifies that the Web browser should directly access the Resources. |
| Direct access to the computer specified on the Domain tab | On the Web Browser tab in the Network Properties page | Specifies that the Web browser does not use a proxy for the target specified in the Domain tab of the Network property page. |
| Access these servers or domains directly | On the Web Browser tab in the Network Properties page | Specifies a list of domains and addresses that do not use proxies. You can also enable this setting in addition to not using a proxy for a target in the domain list specified on the Domain tab. When you add any targets in this list, you must specify both the IP address and the FQDN, or only the FQDN. For example, to configure the internal network for direct access, add the IP address range and the internal network domain name of the internal network. |
Note: When a browser sends a request to ISA Server, it will use the WPAD call (\http://wpad.dat) to locate the ISA Server or use it to the automatic configuration script location (by default, Http://ISAServer_Name:8080/array.dll ? Get.Routing.Script), save the specified list of directly accessed IP address ranges, computers, and site URLs in an automatic configuration script to be sent to a Web browser.
Finally, let's look at the Web Proxy filter:
First, the Web Proxy filter works at the application level, representing the clients that are requesting HTTP and HTTPS objects on the network protected by the ISA/TMG server. Such WEB requests benefit from the inspection and caching capabilities of the application tier, and these requests may come from multiple sources.
Where can these sources come from? We have been to see:
1, requests from the WEB proxy client. For Web Proxy clients that designate the ISA/TMG server as a proxy server in browser settings, the Web request (HTTP, HTTPS, or FTP used for downloading) is passed directly to the Web Proxy filter.
2. Requests from SecureNAT or firewall clients that are not configured as Web Proxy clients. By default, HTTP is bound to the Web proxy filter. With this setting, Web requests from clients that are not configured as Web Proxy clients are transparently passed from the Firewall service to the Web Proxy filter for processing. This is known as transparent NAT. When NAT is applied, internal addresses are protected by replacing the internal IP address of the client request with a valid global IP address on the Internet.
This article is from the "Clumsy birds have" blog, please be sure to keep this source http://tingdongwang.blog.51cto.com/1056852/689925
This column more highlights: http://www.bianceng.cnhttp://www.bianceng.cn/Network/Firewall/
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
