Fun Facts About the Session Tab in 2006 ISA Firewall Monitoring
- ISA Server 2006 does not separate session counters for all clients.
- Web Proxy client sessions have a corresponding SecureNAT session. There is one SecureNAT session for all Web Proxy client sessions from a particular computer.
- Firewall clients have a corresponding SecureNAT session. For a computer with Firewall Client installed, there will be a SecureNAT session, as well as a Firewall client session, for that computer.
- If a computer has both Web Proxy and Firewall client sessions, there will be only one SecureNAT session for it, because it is defined per computer.
- A connection between two computers through the firewall can only belong to one session. This design affects how server publishing rule connections are displayed in the sessions list. A session is shown between the published server and the ISA Server computer. Client connections to this published server are associated with the session between the published server and ISA Server, and do not show as separate sessions.
- When ISA Server does not require authentication, all traffic from the same IP address is considered to be a single session. For example, if a Web browser opens more than one TCP connection to the same IP address, ISA Server considers the connections to be a single session.
- Web Proxy client sessions indicate the last minute of Web browser activity, even if the client is not currently browsing.
- When IP routing is disabled, traffic from users and IP addresses is listed on the Sessions tab. When IP routing is enabled, only sessions from traffic that passes using an application filter are listed. (I have no idea what this means, since sessions not related to app filters do appear in the console)
A summary of the sessions for each client type, and the total sessions, is displayed on the Dashboard.
And when you use the Firewall client, you'll see this info -- your "hardware" firewall doesn't give you this info!