From Dr. Tom Shinder's Configuring ISA Server 2004

Web Proxy Chaining as a Form of Network Routing

Web Proxy Chaining is a method you can use to forward Web Proxy connections from one ISA firewall to another ISA firewall. Web Proxy chains consist of upstream and downstream ISA firewalls. The upstream ISA firewalls are those closer to the Internet connection, and the downstream ISA firewalls are those further away from the Internet connection. Downstream ISA firewalls forward Web Proxy requests to upstream ISA firewalls. The first ISA firewall in the Web Proxy chain is the one closest to the Internet and the one responsible for obtaining the Internet content.

Web Proxy Chaining is useful in a number of scenarios.

  • Branch office ISA firewalls can be chained to upstream ISA firewalls at the corporate office.

  • Departmental ISA firewalls, which protect department-specific networks within the organization can be chained to upstream ISA firewalls located on a network services segment or upstream ISA firewalls that are directly connected to the Internet.

  • ISPs or large corporate customers can chain downstream ISA firewall Web caching arrays with upstream ISA firewall or ISA firewall Web caching array.

The advantage of using Web Proxy chaining is that you can reduce the overall bandwidth utilization on both the Internet link and all links between the downstream and upstream ISA firewalls in the Web Proxy chain. Figure 4.59 shows an example of a Web Proxy chain and the flow of information through the chain.


Figure 4.59: WebProxyChaining.vsd
  1. A client on a protected Network behind an ISA...

Copyright Syngress Publishing, Inc. 2005 under license agreement with Books24x7

Products & Services
Network Firewalls
Network firewalls protect computer networks against unauthorized use or attack. They permit or deny access to private network devices and applications, and represent an important part of an organization's overall security policy. Firewalls may be software applications, hardware devices (such as routers), or a combination of both. They include turnkey products that are relatively easy to install as well as complex, multi-layer installations that require the expertise of a certified network administrator. 
Network Security Services
Network security services determine vulnerability of networks to outside intruders, as well as maintain anti-viral and firewall updates and usage.
Network Security Software
Network security software includes everything from remote access protection to firewall and security appliance solutions to email security to web filtering, monitoring, bandwidth protection, and all elements of computer network security/computer security.
Security Software
Security software programs are used to restrict access to data, files and users on a computer or server.
Communications Software
Communications and network software is used for the setup and management of digital communication networks such as LAN and WAN computer networks, electronic mail, FAX, audio and video networks, wireless communication systems, etc.

Topics of Interest

Firewall Chaining as a Form of Network Routing Firewall chaining is similar to Web Proxy chaining. In a Firewall chaining arrangement, the downstream ISA firewall is configured to be a Firewall...

Solutions Fast Track Configuring the Server for Outbound Access Several elements determine how outbound requests for Internet resources are handled. These elements can be broken down roughly into...

Summary In this chapter we focused on the ISA firewall s networking capabilities. As a prelude to the discussion, we went over our concept of how the ISA firewall fits within an existing corporate...

Network Configuration Settings ISA Server network configuration settings that influence outbound access controls include the following: Routing SecureNAT and firewall client requests Routing Web...

This Appendix will provide you with a quick, yet comprehensive, review of the most important concepts covered in this book. Chapter 1: Introduction to Microsoft ISA Server What Is ISA Server?...