Migrating Microsoft Proxy Server 2.0 configuration
Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
Most Microsoft Proxy Server 2.0 rules, network settings, monitoring configuration, and cache configuration are migrated to Microsoft Internet Security and Acceleration (ISA) Server during setup. This topic details how the configuration information is migrated.
Proxy chains
Mixed chains of Proxy Server 2.0 and ISA Server computers are supported.
Web Proxy client requests
Proxy Server 2.0 listens for client Hypertext Transfer Protocol (HTTP) requests on port 80, and ISA Server listens on port 8080 by default. Therefore, all downstream chain members (or browsers) connecting to ISA Server must connect to port 8080. You can also configure ISA Server to listen on port 80.
Publishing
Proxy Server 2.0 required that you configure publishing servers as Winsock Proxy clients. ISA Server allows you to publish internal servers without requiring any special configuration or software installation on the publishing server. Instead, the ISA Server treats the publishing servers as secure network address translation (SecureNAT) clients. Web publishing rules and server publishing rules, configured on the ISA Server computer, make the servers securely accessible to specific external clients. No additional configuration is required on the publishing server.
Cache
The Proxy Server cache configuration is migrated to the ISA Server computer, including cache drive specifications, size, and all other properties.
Proxy Server 2.0 cache content will not be migrated due to the vastly different cache storage engine in ISA Server. It will be deleted as part of ISA Server setup and the new storage engine will be instituted based on existing cache and drive settings.
Depending on the cache size, the deletion process may take some time.
SOCKS
ISA Server includes a SOCKS application filter, which allows client SOCKS applications to communicate with the network, using the applicable array or enterprise policy to determine if the client request is allowed. Migration of Proxy Server 2.0 SOCKS rules to ISA Server policy is not supported. For more information, see SOCKS filter.
Rules and policies
The table below lists how Proxy Server rules and other configuration information are migrated on the ISA Server computer:
Proxy Server 2.0 |
ISA Server |
---|---|
Domain filters |
Site and content rules |
Winsock permission settings |
Protocol rules |
Publishing properties |
Web publishing rules |
Static packet filters |
Allow or block IP packet filters |
Web Proxy routing rules |
Routing rules |
Policy elements are created, as necessary, for the new rules. Additional configuration information is also migrated: local address tables, automatic dial settings, alerts, log settings, and client configurations.
Web Proxy Service permissions are not migrated to the ISA Server configuration.
Authentication
ISA Server supports the following authentication methods: basic, digest, integrated Windows authentication, and client certificate. By default, when you install ISA Server, the integrated Windows authentication method is configured for Web requests. In Microsoft Proxy Server 2.0, anonymous and integrated authentication are enabled by default. Internet Explorer 5 supports integrated Windows authentication. However, other Web browser may support only the basic authentication method. In this case, no requests will be allowed, since the user cannot be authenticated. In other words, ISA Server will reject Web requests that were previously allowed by Proxy Server. You can configure basic authentication for all Web requests. For more information, see Configure authentication methods for Web requests for configuration instructions.
With Proxy Server, intra-array authentication was required when array members communicated with each other. Since ISA Server uses Kerberos V5 and system account authentication, intra-array authentication is not required.