Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

How to bypass the Web Proxy service in ISA Server 2004, in ISA Server 2006, or in Forefront Threat Management Gateway, Medium Business Editor


View products that this article applies to.

Introduction

This article describes the work theory of the Web Proxy filter. It provides the following information:
  • How to configure the Web Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2006, in ISA Server 2004, or in Microsoft Forefront Threat Management Gateway, Medium Business Edition by unbinding the Web Proxy application filter for SecureNAT and Firewall clients.
  • How to troubleshoot Web proxy traffic in ISA Server 2004.

↑ Back to the top


More information

In ISA Server 2004, in ISA Server 2006, or in Forefront Threat Management Gateway, client Web requests are handled by the Web Proxy filter. This filter works at the application level on behalf of clients residing in networks that are behind an ISA Server-based server that requests HTTP and Secure Hypertext Transfer Protocol (HTTPS) objects.

Web proxy client requests from client computers that have ISA Server specified as a proxy server in the browser settings are passed to the Web proxy filter.

By default, the predefined HTTP protocol for SecureNAT and firewall clients is bound to the Web Proxy filter. ISA Server intercepts Web requests from these clients and passes them to the Web Proxy filter for transparent handling. This is known as transparent network address translation (NAT).

When you apply NAT, a global IP address that is valid on the Internet is substituted for the internal IP address of the client request that helps to give enhanced protection to internal addresses.

In some scenarios you may not require this transparent NAT behavior. To disable this setting for SecureNAT and Firewall clients, you can unbind the predefined HTTP protocol from the Web proxy filter.

For more information about how to unbind the predefined HTTP protocol from the Web proxy filter, see the product online help. To unbind the predefined HTTP protocol from the Web proxy filter in ISA Server 2006 or in Forefront Threat Management Gateway, follow these steps:
  1. Start the ISA Server Management tool or the Forefront Threat Management Gateway Management tool. To do this, click Start, point to All Programs, point to Microsoft ISA Server or Microsoft Forefront Threat Management Gateway, and then click ISA Server Management or Forefront Threat Management Gateway Management.
  2. Expand the ISA Server computer, and then click Firewall Policy.
  3. In the right pane, click the Toolbox tab, and then click Protocols.
  4. In the list of protocols, expand Common Protocols, right-click HTTP, and then click Properties.
  5. In the HTTP Properties dialog box, click the Parameters tab.
  6. Click the clear the Web Proxy Filter check box, and then click OK.
  7. Click Apply to save the changes to the firewall policy, and then click OK.
For more information about how to troubleshoot Web proxy traffic in ISA Server 2004, visit the following Microsoft Web site:

↑ Back to the top


Keywords: KB838708, kbhowto, kbfirewall, kbisa2006swept

↑ Back to the top

Article Info
Article ID : 838708
Revision : 8
Created on : 12/4/2007
Published on : 12/4/2007
Exists online : False
Views : 512