FW client and other browser apps - 21.May2003 2:04:00 PM
I have a pc that has the fw client that connects over the internet to a remote citrix server. The problem is they have to connect to the WAN (which is a totally different connection)with IE to run another browser app, which doesn't need to go through the ISA server. Is there a way to circumvent the fw client for that app?
The client is setup as a webproxy client with a firewall client. The internet works fine, but we have a browser based app that needs to go out through the WAN gw. The client gw is set to the WAN router. I have a static route on the client that is supposed to route the app through the WAN, but it seems the firewall client will not let this happen. I'm guessing because the app is using the browser and the browser is locked into the firewall client. I set the advanced under proxy to bypass the address the app needs, but it doesn't work.
to understand how the client host should be configured, you must first understand on which layer in the TCP/IP protocol stack the different ISA client types works. Check out my article http://www.isaserver.org/articles/IPSec_Passthrough.html , section 4 'Configuring ISA Clients' for further info.
Assuming you *completely* trust the destinations reachable through the WAN, you should include those destinations in the LAT on ISA server. This will tell the Firewall client *not* to redirect those requests to the ISA server. Following the same logic, those destinations should also be configured for direct access in the Web Proxy configuration. How the default gateway should be set on the client is depending on your internal network structure. If you point the default gateway to the WAN router you don't need a static route.
Very informative article. Thanks. My default gateway on my client is set to the WAN ip. The browser is set to bypass isa for the WAN address considered local. The WAN ip is in the LAT. None of these has worked. I guess I'll try something else. Thanks!
you said "The browser is set to bypass isa for the WAN address considered local. The WAN ip is in the LAT." What do you mean with the WAN IP? It sounds like this is the IP address of the WAN router. If that's the case, it will not work.
Reread carefully my previous post. I told you to include the destinations reachable through the WAN in the LAT on ISA server and configure them for direct access in the Web Proxy configuration too. It should work this way!