Improving Web Proxy Client Authentication Performance on ISA Server 2006

Does your ISA firewall seem pokey these days? Maybe you install ISA 2006 three years ago when you had only 300 users accessing the Internet through the firewall. Now your company has grown and you have over 2000 users connecting to the Internet through your firewall. You figured that the slow down wasimage related to the bandwidth used, but your Internet pipe isn’t near full utilization and your internal network run gigabit Ethernet and isn’t anywhere near capacity.

So what might be causing the problem? Maybe it’s authentication. Assuming that  you’re using your firewall to authenticate outbound access, the ISA firewall needs to authenticate all users accessing content when going through the firewall. That authentication traffic can pile up, and could possibly lead to what appears to be a poorly performing firewall.

The good news is that you can improve your Web proxy client authentication performance. The guys on the ISA firewall team have put together a great guide on how to improve Web proxy client authentication performance. You can find the article at:

In this article, they go through:

  • Evaluating your current authentication scheme
  • How NTLM works on Web proxy authentication
  • NTLM and heavy load authentication traffic
  • Multiple domains and the impact on authentication
  • Improving authentication performance with Kerberos

It’s a nicely put together article with plenty of diagrams to help you understand what’s happening on the wire.



Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting

PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top