The Forefront Unified Access Gateway (UAG) Socket Forwarding component supports a wider variety of applications than the SSL Application Tunneling component, such as applications that jump ports, without the need to make changes to the running operating system.
The Forefront UAG Socket Forwarding component comprises two modules: Winsock2 Layered Service Provider (LSP) and Name Service Provider (NSP). When an application uses Winsock, Windows loads either the NSP module (when the application performs a name resolution), or the LSP module (when the application uses sockets to connect to a remote server).
The NSP and LSP modules intercept every networking activity performed by the application. Though this interception should not cause any problems and is completely transparent to the application, it is possible that the application will not function correctly because of the NSP or LSP interception.
To minimize the risk of potential problems, certain applications are included in the LSP and NSP modules' block list. Based on this list, the NSP and LSP modules disable themselves and stop intercepting network activity when they detect that the application within which they run is on the block list. When disabled in this manner, the LSP and NSP modules do not enable access from this application to the corporate network.
Tip: When access to an application in the corporate network is blocked because it is included in the block list, users may still gain access to other application servers that reside on the local intranet or the Internet.
The LSP and NSP modules contain two inherent application lists:
- Block list—Contains applications that are known to be problematic. Access to these applications from within the corporate network is always blocked, regardless of the selected socket forwarding activation mode.
- Allow list—Contains applications for which the LSP and NSP will always be active, regardless of the selected socket forwarding activation mode.
Blocking of additional applications depends on which of the following socket forwarding activation modes is defined during application configuration:
- Basic—In this mode, none of the applications that load the LSP or NSP modules is granted access to configured corporate resources unless the Forefront UAG SSL Application Tunneling component is running and at least one tunnel is open. In this mode, Windows services (non-interactive applications) are not allowed access to configured corporate resources, regardless of whether the SSL Application Tunneling component is running or not.
- Extended—This mode is identical to the Basic mode, except that Windows services are granted access to configured corporate resources.
- Virtual private network (VPN)—In this mode, the LSP and NSP modules are always active in all applications; that is, access is enabled to configured corporate resources except for the applications listed in the block list.
Basic mode enables most applications to work via Forefront UAG, and is the recommended socket forwarding mode. For some applications, however, extended mode or VPN mode is required.
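The following added example (not Forefront UAG code) models the activation rules described above as a single decision function, so the effect of each mode can be compared side by side. The list contents, function names, and the choice to check the block list before the allow list are assumptions; so is the reading that Extended mode keeps the Basic-mode tunnel requirement for Windows services.

```python
from enum import Enum

class Mode(Enum):
    BASIC = "basic"
    EXTENDED = "extended"
    VPN = "vpn"

# Constructed sample entries; the real inherent lists are not given on this page.
BLOCK_LIST = {"problematic.exe"}
ALLOW_LIST = {"trusted.exe"}

def modules_active(app, mode, tunnel_open, is_service):
    """Return True if the LSP/NSP modules stay active (access enabled) for app."""
    name = app.lower()
    # Block list applies regardless of the activation mode
    # (checked first here; that precedence is an assumption).
    if name in BLOCK_LIST:
        return False
    # Allow list keeps the modules active regardless of the activation mode.
    if name in ALLOW_LIST:
        return True
    # VPN mode: always active in every application not on the block list.
    if mode is Mode.VPN:
        return True
    # Basic and Extended: SSL Application Tunneling must be running
    # with at least one tunnel open.
    if not tunnel_open:
        return False
    # Basic never serves Windows services; Extended does (assumed to be
    # subject to the same tunnel condition as interactive applications).
    if is_service and mode is Mode.BASIC:
        return False
    return True

def decision_table(app):
    """Enumerate every (mode, tunnel_open, is_service) combination for app."""
    return {
        (mode, tunnel_open, is_service): modules_active(app, mode, tunnel_open, is_service)
        for mode in Mode
        for tunnel_open in (False, True)
        for is_service in (False, True)
    }

if __name__ == "__main__":
    for (mode, tunnel, svc), active in decision_table("app.exe").items():
        state = "active" if active else "disabled"
        print(f"{mode.value:8} tunnel_open={tunnel!s:5} service={svc!s:5} -> {state}")
```

For an application on neither list, the table shows one enabled combination in Basic mode, two in Extended mode, and all four in VPN mode, which is why VPN mode gives the broadest access of the three.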
Note: You select the Socket Forwarding activation mode for an application when you configure the application.