Firewall Client Configuration via ISA Server

Configure Firewall Client application settings

To configure Firewall Client application settings

1. In the console tree of ISA Server Management, click General.
2. where?
   • Microsoft ISA Server 2004
   • Server_Name
   • Configuration
   • General
3. In the details pane, click Define Firewall Client Application Settings.
4. On the Application Settings tab, click New.
5. In Application, select an application or type a new application name.
6. In Key, type the name of a key.
7. In Value, type the value to set for the key.

Notes

• To open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
• To remove an existing application setting, select it from Settings and click Delete.
• To modify an existing application setting, select it from Settings and click Edit.

The following table lists the entries that you can include when configuring the Firewall Client software application settings. The first column lists the keys that can be included in the configuration files. The second column describes the values to which the keys can be set. Note that some settings can be configured only on the Firewall Client computer; you cannot configure them using ISA Server Management.

Entry	Description
Disable	Possible values: 0 or 1. When the value is set to 1, the Firewall Client application is disabled for the specific client application.
Autodetection	(Can be set only on the Firewall Client computer.) Possible values: 0 or 1. When the value is set to 1, the Firewall Client application auatomaticlaly the ISA Server computer to which it should connect.
NameResolution	Possible values: L or R. By default, dotted decimal notation or Internet domain names are redirected to the ISA Server computer for name resolution and all other names are resolved on the local computer. When the value is set to R, all names are redirected to the ISA Server computer for resolution. When the value is set to L, all names are resolved on the local computer.
LocalBindTcpPorts	Specifies a Transmission Control Protocol (TCP) port, list, or range that is bound locally.
LocalBindUdpPorts	Specifies a User Datagram Protocol (UDP) port, list, or range that is bound locally.
RemoteBindTcpPorts	Specifies a TCP port, list, or range that is bound remotely.
RemoteBindUdpPorts	Specifies a UDP port, list, or range that is bound remotely.
ServerBindTcpPorts	Specifies a TCP port, list, or range for all ports that should accept more than one connection.
ProxyBindIp	Specifies an IP address or list that is used when binding with a corresponding port. Use this entry when multiple servers that use the same port need to bind to the same port on different IP addresses on the ISA Server computer. The syntax of the entry is: ProxyBindIp=[port]:[IP address], [port]:[IP address] The port numbers apply to both TCP and UDP ports.
KillOldSession	Possible values: 0 or 1. When the value is set to 1, it specifies that, if the ISA Server computer holds a session from an old instance of an application, that session is terminated before the application is granted a new session. This option is useful, for example, if an application crashed or did not close the socket on which it was listening. By closing the old session, ISA Server immediately discovers that the application was terminated and can release the port used by the old session immediately.
Persistent	Possible values: 0 or 1. When the value is set to 1, a specific server state can be maintained on the ISA Server computer if a service is stopped and restarted and if the server is not responding. The client sends a keep-alive message to the server periodically during an active session. If the server is not responding, the client tries to restore the state of the bound and listening sockets upon server restart.
ForceCredentials	(Can be set only on the Firewall Client computer.) Used when running a Windows service or server application as a Firewall client application. When the value is set to 1, it forces the use of alternate user authentication credentials that are stored locally on the computer that is running the service. The user credentials are stored on the client computer using the Credtool.exe application that is provided with the Firewall Client software. User credentials must reference a user account that can be authenticated by ISA Server, either local to ISA Server or in a domain trusted by ISA Server. The user account is normally set not to expire; otherwise, user credentials need to be renewed each time the account expires.
NameResolutionForLocalHost	Possible values are L (default), P, or E. Used to specify how the local (client) computer name is resolved, when the gethostbyname API is called. The LocalHost computer name is resolved by calling the Winsock API function gethostbyname() using the LocalHost string, an empty string, or a NULL string pointer. Winsock applications call gethostbyname(LocalHost) to find their local IP address and send it to an Internet server. When this option is set to L, gethostbyname() returns the IP addresses of the local host computer. When this option is set to P, gethostbyname() returns the IP addresses of the ISA Server computer. When this option is set to E, gethostbyname() returns only the external IP addresses of the ISA Server computer-those IP addresses that are not in the local address table.
ControlChannel	Possible Values: Wsp.udp (default) or Wsp.tcp. Specifies the type of the control-channel used.