RE: ISA/Client fail over


Thank you for posting.

This is Lee and I am glad to meet you in the newsgroup.
Regarding this issue, first I wound like to clarify some concepts in more
detail for you

1. The default gateway is assigned by the DHCP server and it is not
ISA/Firewall client related at all.
The default gateway is one of the IP configurations. The client computer
will get the IP configuration from the DHCP server inlcuding the default.
There is no way fo us to change the default gateway on the ISA server's
side. This is not a configuration controlled by the ISA server.

2. Firewall client does not support automatically failover.
You will get notification in the system tray while the Firewall client
failed to connect to the ISA server.
Then you can change the ISA in the firewall client manually.

Then here are the answers to your questions:
Q1> Because of the bandwidth connecting some sites to the East and others
to the West we have a need to assign users to a specific gateway.
Again this is a DHCP setting and cannot be changed by the ISA/ISA firewall

Q2> In the event that one gateway fails/dies/whatever the clients
switch/failover to the other gateway and back when it becomes available
ISA firewall client does not control the gateway at all.
You do can change the ISA server settngs in the ISA firewall client, but it
will not fail over automatically.

Q3> we would like roaming users to be pointed to the correct gateway based
on their gegraphical location.
Again gateway is not controlled by the ISA.

Based on your description, it appears this is more a networking issue
instead of an ISA problem.
Default gateway is not controlled by the ISA and we cannot use ISA firewall
client to change the default gateway on the client computer.

Hope the above information helps. Have a nice day!


Lee Li
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
Business-Critical Phone Support (BCPS) provides you with technical phone
support at no charge during critical LAN outages or "business down"
situations. This benefit is available 24 hours a day, 7 days a week to all
Microsoft technology partners in the United States and Canada.

This and other support options are available here:

If you are outside the United States, please visit our International
Support page:

This posting is provided "AS IS" with no warranties, and confers no rights.


Relevant Pages

  • RE: Force use of ISA Firewall Client
    ... You see three types of ISA 2004 firewall clients in ISA console, ... the system will use Web Proxy ... protocols, this need Firewall client. ...
  • RE: Outbound VPN issue
    ... up by the firewall client application and then sent to the ISA server. ...
  • Re: Remote Desktop from LAN not working
    ... I'm glad you resolve the RDP issue by disable ISA firewall client. ... Does this issue happen on all clients or only the XP sp3 client? ... Clear the current existing W3C logs. ...
  • Re: ISA 2004 behind PIX problems
    ... Not running firewall client on wkstns nor do I plan to. ... new machine will be the current address of single nic ISA. ... Don't confuse the Nics when ...
  • Re: Firewall problem
    ... Make sure that any client PC has to go through the ISA server to get to ... the router owned by your ISP (i.e. the Internet) first. ... your users will be able to bypass the your secure gateway and therefore ... INBOUND traffic though they can also provide OUTBOUND restriction and ISA ...