In this tutorial I will show you why it is sometimes useful to change the out going web listener, and where you can change it. A listener is a port on the ISA server that is listening for TCP (transmission control protocol) connections. ISA server is configured by default to listen on port 8080 but most of the organizations I have dealt with are upgrading from either Microsoft Proxy or from another type of Fire walling product and they have quite a few web proxy clients that have a hard coded proxy setting within their Internet explorer browser.
To get to the window displayed above Click tools > Internet options > Select Connections > Then select (LAN) settings. To check what ports are listening on your ISA server you can use the built in command line utility called netstat. Netstat displays current TCP/IP protocol connections and statistics and is useful in seeing what machines are connected to your ISA server and which TCP/IP protocols the machines are using on what ports.
To configure the listener on the ISA server you must Right click on the ISA server computer picture in the ISA MMC.
To change the default listener port is quite simple. In the TCP port: dialog box type in the desired port number. In this example I have used port 80. Using the same window you can also change the SSL listener port. Most browsers use port 443 so I have left the port as the default port used. You can also configure Incoming Web Request in much the same way. The listeners IP address is also configured in this window. This is typically the Internal NIC of the ISA server if you are configuring Outgoing Web requests. Please note that you need to restart the Web Proxy service after changing the port number. I like to restart the whole machine I have always done this so I normally (bounce the box). Summary: I have seen quite a few ISA installations with different outgoing port numbers. I would not recommend you changing the port number based on a security basis. What I mean by this is so that no one will guess what port the ISA is doing web proxy on. There are lots of sniffers out there that tell you what ports are listening. I would recommend you rather keep the port to the default port as everything seems to work better that way, then again its personal preference. |