FW_H_CnfProxyPub

To configure proxy requests for a firewall policy rule

  1. In the console tree of ISA Server Management, click Firewall Policy.

  2. In the details pane, click the applicable publishing rule.

  3. On the Tasks tab, click Edit Selected Rule.

  4. On the To tab, select one of the following:

    • **Requests appear to come from the ISA Server computer—**The IP address making the request will appear to be the ISA Server computer. You hide the address of the client making the request.
    • **Requests appear to come from the original client—**The IP address making the request will appear to be the client. Some applications require actual identification by the real requesting client. When you publish these applications, you can configure ISA Server to forward requests with the IP address of the requesting (source) client.
  5. In the details pane, click Apply.

Note

To open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
To locate Firewall Policy in ISA Server 2006 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, expand Array_Name, and then click Firewall Policy.
To locate Firewall Policy in ISA Server 2006 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Server_Name, and then click Firewall Policy.

Important

Some applications require identification by the requesting client. When you publish these applications, select the Requests appear to come from the original client option.
When you select the Requests appear to come from the original client option, ISA Server must be configured as the gateway for the published server. Alternatively, ISA Server can be configured as the default gateway for the IP address of the original client.
If you turn on the Requests appear to come from the ISA Server computer option, the ISA Server computer also replaces the source address of the incoming request. Therefore, the packets that are sent to the internal server have the source address of the ISA Server computer. This permits the IP routing configuration in these large networks to route the packets back to the ISA Server computer. The ISA Server can then use network address translation (NAT) to send the packets back to the original external host where the request originated.
The Requests appear to come from the ISA Server computer feature works only if the published protocol does not require an application filter. In other words, the feature works correctly if there are no secondary connections that are defined for the protocol. An exception to this rule occurs when you publish FTP and RPC servers that have application filters. FTP and RPC application filters support the Requests appear to come from the ISA Server computer option.
When you use Network Load Balancing on the external interface of the ISA Server computer, translation of the client source address permits server publishing to work correctly. Without this change, server publishing is not supported when you use Network Load Balancing on the external interface.
After you click Apply in the details pane, the policy is updated. The new policy applies only to new connections.

Concepts

CMT_H_MailWizard