You can install Microsoft® Internet Security and Acceleration
(ISA) Server 2006 on a computer that has one network adapter,
or for ISA Server Enterprise Edition, on an array of computers,
each of which has one network adapter. Typically, you would use a
single network adapter configuration when ISA Server is located in
the internal corporate network or in a perimeter network, and
another firewall is located at the edge connecting and protecting
corporate resources from the Internet. When installed on a computer
with a single network adapter, ISA Server supports the following
scenarios:
Forward Web Proxy requests using Hypertext Transfer Protocol
(HTTP), or Secure HTTP (HTTPS)
Cache Web content for use by clients on the corporate
network
Web publishing to protect published Web
Microsoft Office Outlook® Web Access 2003, Microsoft
Exchange ActiveSync®, and remote procedure call (RPC) over HTTP
publishing
When you install ISA Server on a computer with a single network
adapter, ISA Server is aware of only two networks: the Local Host
network that represents the ISA Server computer itself, and the
Internal network, which includes all unicast IP addresses that are
not part of the Local Host network. In this configuration, when an
internal client browses the Internet, ISA Server sees the source
and destination addresses of the Web request as belonging to the
Internal network.
Unsupported scenarios
When you install ISA Server on a computer with a single network
adapter, the following ISA Server features and scenarios are not
supported:
Multi-network firewall policy. In single network adapter
mode, ISA Server recognizes itself (the Local Host network).
Everything else is recognized as the Internal network. There is no
concept of an External network. Microsoft Firewall service and
application filters operate only in the context of the Local Host
network. (ISA Server protects itself no matter what network
template is applied.) Because the Firewall service and application
filters operate in the context of the Local Host network, you can
use access rules to allow non-Web protocols to access the ISA
Server computer.
Application layer inspection. Application level
filtering is not functional, except for Web Proxy Filter (for HTTP,
HTTPS, and FTP over HTTP).
Server publishing. Server publishing is not supported.
There is no separation of Internal and External networks, so ISA
Server cannot provide the network address translation (NAT)
functionality required in a server publishing scenario.
Firewall clients. The Firewall Client application
handles requests from Winsock applications that use the Firewall
service. This service is not available in a single network adapter
environment.
SecureNAT clients. SecureNAT clients use ISA Server as a
router to the Internet, and SecureNAT client requests are handled
by the Firewall service. Because the Firewall service is not
available in a single network adapter configuration, such requests
are not supported.
Virtual private networking. Site-to-site virtual private
networks (VPNs) and remote access VPNs are not supported in a
single network adapter scenario.
Important
You cannot configure a network adapter to use two IP addresses,
or a second network adapter that is disabled, as a way to use
multi-network features on a computer with a single network
adapter.
FTP is not supported in a single network adapter scenario. FTP
over HTTP is supported.
Get latest ISA Server content at ISA
Server Guidance.
Send
feedback about this page.