Microsoft Internet Security and Acceleration Server 2000

About the Firewall Client

You can install Firewall client software on client computers that run Microsoft® Windows® Millennium Edition (Me), Windows 95, Windows 98, Windows NT® 4.0, or Windows 2000. 16-bit Winsock applications are supported, but only on Windows 2000 and Windows NT 4.0.

The Firewall client component is layered on top of the original Winsock implementation. In platforms that support Winsock 2.0, the client is a layered service provider (LSP). On other platforms, the client setup application renames the original Winsock DLL (wsock32.dll) and installs its own implementation of wsock32.dll.

The Firewall client communicates with the Firewall service by using a dedicated connection called the Firewall service control channel. The control channel connection is established the first time it is needed.

When a client application calls a Winsock function, the client DLL intercepts the call and decides based on the specified request, and the firewall service configuration files, whether the call is local or remote. Local calls are passed to the original Winsock implementation. Remote calls are redirected to the firewall service.

When a function call is redirected to the proxy, the client component sends a request through the control channel to the Firewall service and waits for a response. The Firewall service checks the request against the ISA Server policy, processes the request on behalf of the client, and returns a reply through the control channel. The reply is then processed by the Firewall client, and translated to a Winsock error code in case of failure.

Note  The remote Firewall client software supports basic Winsock 1.0 and Winsock 2.0 functionality. However, the following limitations should be noted: