About the Socket Forwarding component

Published: January 11, 2010

Updated: February 1, 2010

Applies To: Unified Access Gateway

The Forefront Unified Access Gateway (UAG) Socket Forwarding component is used to support a wider variety of applications than the SSL Application Tunneling component, such as, applications that jump ports without the need to make changes to the running operating system.

The Forefront UAG Socket Forwarding component comprises two modules: Winsock2 Layered Service Provider (LSP) and Name Service Provider (NSP). When an application uses Winsock, Windows loads either the NSP module (when the application performs a name resolution), or the LSP module (when the application uses sockets to connect to a remote server).

The NSP and LSP modules intercept every networking activity performed by the application. Though this interception should not cause any problems and is completely transparent to the application, it is possible that the application will not function correctly because of the NSP or LSP interception.

To minimize the risk of potential problems, certain applications are included in the LSP and NSP modules' block list. Based on this list, the NSP and LSP modules can disable themselves, and stop intercepting network activities when they detect that the application within which they run, is on their block list. When disabled in this manner, the LSP and NSP modules do not enable access from this application to the corporate network.

When access to an application in the corporate network is blocked because it is included in the block list, users may still gain access to other application servers that reside on the local intranet or the Internet.

The LSP and NSP modules contain two inherent application lists:

  • Block list—Contains applications that are known to be problematic. Access to these applications from within the corporate network is always blocked, regardless of the selected socket forwarding activation mode.

  • Allow list—Contains applications for which the LSP and NSP will always be active, regardless of the selected socket forwarding activation mode.

Blocking of additional applications depends on the following socket forwarding activation mode, defined during application configuration:

  • Basic—In this mode, none of the applications that load the LSP or NSP modules are enabled access to configured corporate resources, unless the Forefront UAG SSL Application Tunneling component is running, and at least one tunnel is open. In this mode, Windows services (non-interactive applications) are not allowed access to configured corporate resources, regardless of whether the SSL Application Tunneling component is running or not.

  • Extended—This mode is identical to the Basic mode, except that Windows services are enabled access to configured corporate resources.

  • Virtual private network (VPN)—In this mode, the LSP and NSP modules are always active in all applications; that is, access is enabled to configured corporate resources except for the applications listed in the block list.

Basic mode enables most applications to work via Forefront UAG, and is the recommended socket forwarding mode. For some applications, however, extended mode or VPN mode is required.

You select the Socket Forwarding activation mode for an application when you configure the application.