Connecting the world…

directly

ISA 2006 Web Chaining

ISA Web Chaining rules define how traffic will be handled by the proxy server. Web request to specific destination can be handled in different ways by ISA:

  1. Retrieve directly from the destination / internet;
  2. Forward to an upstream proxy server;
  3. Redirect the request to a specific server / web page;

The most popular use for Web Chaining is to chain branch office ISA firewalls with main office ISA firewalls. But also combining two ISP connections is a commonly used scenario for Web Chaining. I often use Web Chaining from ISA server with some kind of upstream proxy server. A lot of organizations use ISA as proxy server and some kind of dedicated appliance (maybe in DMZ environment) as content scanner.

With Web Chaining you can forward all request to the upstream proxy server, which will retrieve the specified destination from the internet. Specific website could have problems with being forwarded to the upstream server. I normally use Web Chaining to directly retrieve these website from the internet without being forwarded to the upstream proxy.

To create a Web Chaing Rule, open the ISA Management Console and navigate to Networks. In the center of the Management Console you will find a tab called Web Chaining. The default Web Chaining rule is configured to forward all request to an upstream proxy server.

The following screenshots tell you how to configure an additional Web Chaining rule to directly retrieve the destination (www.4ip.nl) from the internet.

create_wct Start the creation of a Web Chaining rule by clicking on Task – Create new Web Chaining rule.

This will start the New Web Chaining Rule Wizard.

Enter a valid name for the newly created Web Chaining Rule.

destination_wct Select the destination to which this Web Chaining Rule will apply.

I configured an URL set containing the URL: http://www.4ip.nl/*

action_wct On the Request Action page, you configure how you want the Web requests to that particular destination routed by the ISA firewall.

The default setting is to route the request directly to the destination Web site. This is exactly what I would like to accomplish.

The last step is Finishing the New Web Chaining Rule Wizard.

The newly created Web Chaining Rule is placed above the Default Web Chaining rule in the Web Chaining tab. The rules are matched sequentially, so now all traffic matching the configured URL set will be retrieved directly from the internet. All other traffic will be forwarded to the upstream proxy server.