On ISA Server, it is said, that either SecureNAT , either the firewall Client can be used. Thanks to the white paper and other documents, i was able to allow clients to use ISA Server with the firewall client. I also allow clients to use ISA as a proxy server, this without installing the firewall software. But proxy, is just for http or other parameters in InternetExplorer. What i understood about ISA Server, is that if clients do not use firewall client software, they are SecureNAT clients and every request sould be translated if the gateway parameter in IP configuration is correctly put. Can someone tell me how to use that functionality?
Your clients IP addresses would consists of private address like 192.168.0.1-255. One of these address would be used for the internal NIC address of ISA, let's says it's 192.168.0.1 and the external NIC address would be one that your ISP assigned to you, let's say 188.8.131.52. Your internal client's gateway would be set to 192.168.0.1 which, when the client tries to access a host, let's say for a web page, and it determines that the host is not on the local subnet, it will go thru ISA. The open port communication would be between ISA and the internet only and would then return the requested info back to the client via port 8080, or whatever you configure. This is a NAT scenario. There are no open port to port communications between the client and the remote host on the internet.
The firewall client scenario would be the same configuration but this scenario allows port communications between the client an the internet. Let's say you publish your mail server with the Publishing Wizard. After doing so, you'll see the server's internal address showing up under Sessions as a Winsock session. This would be needed since the mail server uses other ports when sending and receiving. Thus "publishing" the server, set's it up as a firewall client allowing it to send and receive information on specific ports.