Re: Apple Ichat through ISA Server 2006

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

"Dave P" <DaveP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D953EE57-2300-4140-B452-D6F53D9A47BB@xxxxxxxxxxxxxxxx
Most of those types of things fail to interact with the proxy properly.
With
ISA it is much better to install the Firewall Client software and tell
iChat
to "not" use a proxy. This allows the Firewall Client to handle all the
proxy activity transparently on behalf of iChat.

Philip: I am not looking to get into a non-productive "back and forth"
with
you, but I am not aware of a firewall client for the Mac. If you know of
one, kindly point me to the site.

Nonproductive back-and-forth? All I am doing is explaining the
characteristics of how ISA works. That's what I do here. There was once a
Socks Client for MACs and I believe it only worked on the native MAC OS 9
and earlier, but probably not the new Linux based OS. This Client worked
with the old MS Proxy2 and was used mostly for running FTP Clients. I don't
believe there is anything that will work for ISA.

The Firewall Client would be required for TCP or UDP on 5678

I disagree. Our Macs are web proxy clients, not securenat and I am able to
provide access to dozens of applications.

The original thread was Dec 17, 2007, after that amount of time past and
hundreds of threads and posts later,...I managed to forget that we were
talking about a client with a MAC OS.

Ok, so, no matter the OS, Web Proxy Clients can use HTTP (any port), HTTPS
(443 only), and FTP (read-only, no uploads). That is based on the CERN
Compliant Web Proxy Standard (which ISA complies with) and is not anything
unique to ISA itself. Anything beyond that requires either the Firewall
[Winsock] Client (Windows OS only) or SecureNAT Clients (any OS but limited
to anonymous connection only).

The Web Proxy Service and the Firewall [Winsock] Service are limited to only
TCP or UDP. They are "proxy based" services.

The SecureNAT Service can do any protocols beyond TCP or UDP that is
"NAT-able" such as ICMP and GRE. This is a "NAT based" service and is not
capable of authentication so is limited to only "anonymous" Access Rules.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


.

Relevant Pages

  • Re: Site2Site VPN - Web page requests returns FWX_E_TERMINATING
    ... have?Firewall client or Web proxy clients?If you are using FWC is normal ... to use proxy locally and create an exception for your web site. ... in them,...this causes them to be interpreted by Internet ... Understanding the ISA 2004 Access Rule Processing ...
    (microsoft.public.isa.vpn)
  • RE: Force use of ISA Firewall Client
    ... You see three types of ISA 2004 firewall clients in ISA console, ... the system will use Web Proxy ... protocols, this need Firewall client. ...
    (microsoft.public.windows.server.sbs)
  • RE: Outbound VPN issue
    ... up by the firewall client application and then sent to the ISA server. ...
    (microsoft.public.windows.server.sbs)
  • Re: Remote Desktop from LAN not working
    ... I'm glad you resolve the RDP issue by disable ISA firewall client. ... Does this issue happen on all clients or only the XP sp3 client? ... Clear the current existing W3C logs. ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA 2004 behind PIX problems
    ... Not running firewall client on wkstns nor do I plan to. ... new machine will be the current address of single nic ISA. ... Don't confuse the Nics when ...
    (microsoft.public.isa.configuration)