| Microsoft Internet Security and Acceleration Server 2004 SDK |
ISA Server 2004 handles data transfer on two levels. On the lower level, the kernel-mode packet engine can block or allow traffic based on previously defined rules. It can also pass packets to the higher level, which is the user-mode Microsoft Firewall service, for rule-engine decision making and deeper data inspection. ISA Server application filters are implemented as in-proc COM server DLLs that run in user mode, in the process space of the Firewall service.
Application filters work with the Firewall service to intercept and process data. Application filters can access the data stream or datagrams associated with a session within the Firewall service by hooking on the Firewall service connections. The filters are registered with the Firewall service and act according to events detected by the service. An application filter can perform protocol-specific or system-specific tasks, such as authentication and checking for viruses.
This section contains the following topics, which are best read in sequence: