Microsoft Internet Security and Acceleration Server 2004 SDK

About the Firewall Client

You can install Firewall Client software on client computers that run Microsoft® Server™ 2003, Windows® XP, Windows 2000, Windows NT® 4.0, Windows Millennium Edition (Me), Windows 98, or Windows 95. On Windows Server 2003, Windows XP, Windows 2000, and Windows NT 4.0, 16-bit Winsock applications are supported.

The Firewall client component is layered on top of the original Winsock implementation. In platforms that support Winsock 2.0, the client is a layered service provider (LSP). On other platforms, the client setup application renames the original Winsock dynamic-link library (DLL), Wsock32.dll, and installs its own implementation of Wsock32.dll.

The Firewall client communicates with the Microsoft Firewall service by using a dedicated connection called the Firewall service control channel. The control channel connection is established the first time it is needed.

When a client application calls a Winsock function, the client DLL intercepts the call and determines, based on the specified request and the Firewall service configuration files, whether the call is local or remote. Local calls are passed to the original Winsock implementation. Remote calls are redirected to the Firewall service.

When a function call is redirected to the proxy, the client component sends a request through the control channel to the Firewall service and waits for a response. The Firewall service checks the request against the ISA Server policy, processes the request on behalf of the client, and returns a reply through the control channel. The reply is then processed by the Firewall client, and translated to a Winsock error code in case of failure.

The remote Firewall Client software supports basic Winsock 1.0 and Winsock 2.0 functionality. However, the following limitations should be noted: