Migrating Microsoft Proxy Server 2.0 configuration

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Most Microsoft Proxy Server 2.0 rules, network settings, monitoring configuration, and cache configuration are migrated to Microsoft Internet Security and Acceleration (ISA) Server during setup. This topic details how the configuration information is migrated.

Proxy chains

Mixed chains of Proxy Server 2.0 and ISA Server computers are supported.

Web Proxy client requests

Proxy Server 2.0 listens for client Hypertext Transfer Protocol (HTTP) requests on port 80, and ISA Server listens on port 8080 by default. Therefore, all downstream chain members (or browsers) connecting to ISA Server must connect to port 8080. You can also configure ISA Server to listen on port 80.


Proxy Server 2.0 required that you configure publishing servers as Winsock Proxy clients. ISA Server allows you to publish internal servers without requiring any special configuration or software installation on the publishing server. Instead, the ISA Server treats the publishing servers as secure network address translation (SecureNAT) clients. Web publishing rules and server publishing rules, configured on the ISA Server computer, make the servers securely accessible to specific external clients. No additional configuration is required on the publishing server.


The Proxy Server cache configuration is migrated to the ISA Server computer, including cache drive specifications, size, and all other properties.

Proxy Server 2.0 cache content will not be migrated due to the vastly different cache storage engine in ISA Server. It will be deleted as part of ISA Server setup and the new storage engine will be instituted based on existing cache and drive settings.

Depending on the cache size, the deletion process may take some time.


ISA Server includes a SOCKS application filter, which allows client SOCKS applications to communicate with the network, using the applicable array or enterprise policy to determine if the client request is allowed. Migration of Proxy Server 2.0 SOCKS rules to ISA Server policy is not supported. For more information, see SOCKS filter.

Rules and policies

The table below lists how Proxy Server rules and other configuration information are migrated on the ISA Server computer:

Proxy Server 2.0

ISA Server

Domain filters

Site and content rules

Winsock permission settings

Protocol rules

Publishing properties

Web publishing rules

Static packet filters

Allow or block IP packet filters

Web Proxy routing rules

Routing rules

Policy elements are created, as necessary, for the new rules. Additional configuration information is also migrated: local address tables, automatic dial settings, alerts, log settings, and client configurations.

Web Proxy Service permissions are not migrated to the ISA Server configuration.


ISA Server supports the following authentication methods: basic, digest, integrated Windows authentication, and client certificate. By default, when you install ISA Server, the integrated Windows authentication method is configured for Web requests. In Microsoft Proxy Server 2.0, anonymous and integrated authentication are enabled by default. Internet Explorer 5 supports integrated Windows authentication. However, other Web browser may support only the basic authentication method. In this case, no requests will be allowed, since the user cannot be authenticated. In other words, ISA Server will reject Web requests that were previously allowed by Proxy Server. You can configure basic authentication for all Web requests. For more information, see Configure authentication methods for Web requests for configuration instructions.

With Proxy Server, intra-array authentication was required when array members communicated with each other. Since ISA Server uses Kerberos V5 and system account authentication, intra-array authentication is not required.