Configuring Application Filters That Affect Outbound Access
ISA Server includes a group of application filters that listen to inbound and outbound connections and can influence communications intercepted by the application filters. These filters are registered with the Firewall Service and therefore are dependent on the Firewall Service. Application filters are not available for ISA servers that are installed in Web proxy (cache mode) only. The built-in application filters can
examine and influence both inbound and outbound access. In this section, we focus on the application filters that affect outbound access. Filters that mainly influence inbound traffic are covered Chapter 9 on configuring ISA Server s firewall features.
FTP Access Filter
The FTP access filter provides a full range of FTP services to SecureNAT clients. This filter manages secondary connections on the behalf of SecureNAT clients and makes it possible to use secondary connections without having to create protocol definitions that support secondary connections. The FTP access filter works for both internal clients attempting to access an external FTP server and for external clients attempting to access an internal FTP server.
Note that this application filter provides functionality for FTP clients that send a PORT command to the destination FTP server. The application filter intercepts the information contained in the PORT command and dynamically opens the required back channels for the FTP server to send back the requested data. Without the FTP application filter, the SecureNAT client using a standard FTP client application will not be able to access an FTP server.