Article ID: 295667 - View products that this article applies to.
This article was previously published under Q295667
This article describes how to allow connections to third-party Internet-based update services. The typical scenario that is addressed in this article is the connection to a software vendor update service from an update application that is connected to the Internet through Microsoft Internet Security and Acceleration Server (ISA) 2000. Update programs include, but are not limited to, programs that download software updates automatically (such as program updates, anti-virus updates, and so forth) or programs that connect to a service provider and update account information, such as Internet postage stamp programs, or Internet shipping management programs.
Requests to the Internet are recognized by ISA as HTTP requests and are sent to the HTTP redirector filter, which is enabled by default in Microsoft Small Business Server 2000. If the HTTP redirector is configured to forward requests to the Web Proxy, the Web Proxy in ISA evaluates the request based on the configuration for outgoing Web requests, protocol rules are checked, and then the Web Proxy authenticates the connection.
The information in this article is based on the following assumptions:
There are four different methods that you can use to open access on your ISA server for these connections. Use one of the following methods based on your specific network needs and requirements.
Method 1: Create an Allow Protocol RuleIf your network needs do not dictate the enforcing of rules by limiting users to specific sites, the simplest way to open up access is to create an "Allow All/All/All" rule. However, this type of rule effectively disables any deny rules and limits your ability to restrict users' Internet use on your network, but you may find this rule useful for troubleshooting.
To create an "Allow All/All/All" rule:
Method 2: Enable Basic Authentication for Outgoing Web RequestsIf you want to control access to certain users, and your browser and third-party application allow you to configure a proxy server and support basic authentication, you can enable basic authentication for Outgoing Web Requests:
Method 3: Grant Access to a Specified ComputerTo grant access to a specific computer, you have to enable ISA to pass this connection by creating a Client Address Set and a protocol rule that allows the specific protocols from the specific client computers (based on IP address):
Method 4: Forward All Requests to the InternetYou can configure the HTTP Redirector Filter to forward all requests directly to the Internet instead of passing them to the Web Proxy. This configuration causes these requests to not utilize the performance gains that are provided by the Web Proxy Cache. To do this: