Enabling Firewall Clients for Direct Access

  • Article

Enabling direct access for Firewall clients configured as Web Proxy clients consists of the following:

  • In ISA Server Management, specify the list of IP address ranges, computers, and site URLs that should be accessed directly by the clients. The specified list is sent to the Web browser in the automatic configuration script when the browser makes a request to ISA Server either for automatic discovery (using https://wpad.dat) or to the https://ISAServer_Name:8080/array.dll?Get.Routing.Script URL, which returns configuration settings.
  • If Internet Explorer is not already configured on Firewall client computers, you can configure Web Proxy client settings for Firewall clients in ISA Server Management. These Web browser configuration settings are applied when Firewall Client software is installed on the client computer, or when Firewall Client configuration settings are updated (every six hours by default).
  • If Firewall Client is installed and you specify sites for direct access by Web Proxy applications, Firewall Client can still handle authentication requirements on access rules. Firewall Client can pick up the traffic transparently and authenticate with ISA Server on behalf of the Web Proxy application.
  • You can restart client computers, or click Detect Now in the Firewall Client dialog box to refresh client computers with updated settings.
  • Computers with Firewall Client installed have settings for each application that specify whether ISA Server does name resolution on behalf of the client. When you specify domains and computers for direct access on the Domains tab, Firewall client computers will attempt to resolve the name without going through ISA Server. Client computers will need a DNS server specified in the TCP/IP parameters so that they can resolve names correctly. In particular, they must be able to resolve the name of published resources to an internal IP address.