The ISA firewall's Firewall Client app is really the killer app of the ISA 2000 and ISA 2004 firewalls. It's a real shame that so many people shy away from it, because it's a key component of a strong outbound access control scheme. Without strong outbound access control, you might as well run a dumb packet filter router like a PIX!
Anyhow, the Firewall client from ISA 2004 can get a bit flaky. The reason for this is that it uses an encrypted connection between the Firewall client machine and the ISA 2004 firewall. The ISA 2004 Firewall client can whack out when trying to connect to ISA 2000 and Proxy 2.0 machines because it uses only the TCP channel (TCP 1745) when connecting to the firewall. Proxy 2.0 expects to be able to use the UDP control channel, and at times ISA 2000 will want to use one too. You can fix this problem by adding the following Registry value on the Firewall client machines:
HKEY_LOCAL_MACHINE\Software\Microsoft\Firewall Client 2004\EnableUdpControlChannel = 1
That's your fact for the day. Now on to documenting, for the ISA 2004/Exchange Kit, the procedures required for putting together a unihomed ISA 2004 box to support reverse proxy for OWA and RPC/HTTP connections.
Laterz,
Tom
Posted Apr 23 2004, 02:35 AM by shinder