لطفا منتظر باشید ...
Summary
A server is of little use without clients, but the ISA firewall is unusual in that there are a number of different ways a computer can be configured to act as an ISA client. In fact, there are three distinct ISA client types: the SecureNAT client, the Firewall client and the Web Proxy client. Determining which is most appropriate in a given situation depends on a number of factors, including the client operating system, the protocols that need to be supported, and whether it is desirable or feasible to install client software on the client computers.The SecureNAT client requires no software installation and no changes to the client computer's Web browser. By simply setting the client computer's TCP/IP settings so that the default gateway is that of the ISA firewall, any computer, running any popular operating system, can benefit from ISA Server 2004's firewall protections. This includes non-Microsoft operating systems such as Linux/UNIX and Macintosh, as well as older Microsoft operating systems, such as Windows 95, Windows 3.x and MS-DOS, which are not supported by the Firewall client software. All simple protocols are supported by SecureNAT, and even complex protocols can be supported by installing application filters on the ISA firewall. SecureNAT is the logical choice when you have a variety of different client operating systems that need ISA's protection, and the client systems need to access protocols other than HTTP/HTTPS or FTP.The Web Proxy client will also work with all operating system platforms, so long as a compatible Web browser (one that can be configured to use a proxy server) is installed. However, the Web Proxy client is much more limited in the protocols it supports; only HTTP/HTTPS and HTTP-tunneled FTP (FTP download) are supported. In many cases, this will be all that is needed, and indeed, this limitation acts as an extra security measure by preventing access to other applications. One advantage of the Web Proxy client over SecureNAT is its ability to authenticate with the ISA firewall (if the firewall requests credentials). SecureNAT clients are able to authenticate only with client applications that support SOCKS 5 and only if a SOCKS 5 application filter is installed on the ISA firewall machine.The Firewall client is the 'client of choice' for modern Windows client machines-or at least, it should be. It can be installed on Windows 98 and all subsequent Windows operating systems, and it supports all Winsock applications that use TCP/UDP, including those that require complex protocols. No application filters are needed, reducing administrative overhead on the server side. Best of all, the Firewall client allows you to take advantage of strong user/group-based access controls, as credentials are sent to the ISA Server for authentication without any special configuration or action required on the part of the client. The Firewall client also gives administrators more control via logging of user and application information.Client configuration problems are a common cause of access and security problems. However, configuring the Web Proxy client and installing the Firewall client don't have to be difficult or time-consuming. Both processes can be easily automated, and administrators have several automation methods from which to choose. DHCP servers can be configured to support Web Proxy and Firewall client autodiscovery, as can DNS servers. Installation can be automated via Group Policy or a silent installation script, or you can use the Internet Explorer Administration Kit (IEAK) to configure the Web proxy client. If you have Systems Management Server (SMS) on your network, you can use it to deploy the Firewall client.Selecting the correct client configuration and properly configuring the client computers is an essential ingredient in a successful deployment of ISA Server 2004, so it's important to understand the three client types and the step-by-step process for configuring each before you install your ISA Server.
