
Replacing MS ISA proxy with IronPort WSA proxy - ISA firewall client?

richmaha
Level 1

Replacing MS ISA proxy with IronPort WSA proxy - what about the ISA firewall client?

Does Cisco have an equivalent of the Microsoft ISA Firewall Client?

How does WSA handle complex protocols (such as ftp) through the proxy server?

5 Replies

No, there isn't a client. You can set the WSA to auth the users: either they get challenged (using LDAP for auth), or you can join the WSA to the domain and it will happen via NTLM. Browsers that don't do NTLM will get a challenge...

I'm not sure what exactly you're asking about FTP.

FTP over HTTP is handled by the HTTP proxy.  There's also a full native FTP proxy on the WSA.

In the Online Help there's a pretty detailed page... Contents>Web Proxy Services>Working with FTP connections

richmaha
Level 1

Ken, thanks for the input.

FTP was a bad example.

ISA allows you to use RDP through the proxy if you have the firewall client installed on the PC.

Do you know of a 3rd party product that will do the same for Cisco IronPort WSA proxy?

Thanks again for taking the time to reply.

Microsoft's ISA is a firewall, with proxy/web cache and some web filtering tossed in too.

The WSA isn't a firewall, and it's not generally deployed in-line. Usually you set up either PAC files or WCCP or Policy Based Routing to send HTTP, HTTPS, FTP traffic to it... I don't send any RDP traffic at the WSA, it wouldn't know what to do with it...

Maybe we need to step back... You are trying to replace the ISA web proxy with a WSA. Was the ISA your firewall too?

What other security gear is in place?  What are your requirements?
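Editor's added example, not part of any post in this thread: a PAC file of the kind mentioned above, sending only HTTP, HTTPS and FTP URLs to the WSA. The proxy host name, port 3128 and the internal domain suffix are assumptions made for illustration.

```javascript
// Added example PAC file. The browser calls FindProxyForURL(url, host) for
// every URL it fetches. Only URL fetches reach this function; a raw TCP
// session (RDP, SSH, telnet) never does.
// All names and addresses below are constructed for illustration.
var WSA = "PROXY wsa.example.internal:3128";          // assumed WSA listener
var INTERNAL_SUFFIXES = [".corp.example.internal"];   // assumed internal zone

// Return the lower-cased URL scheme, or "" if none is present.
function schemeOf(url) {
  var i = url.indexOf(":");
  return i < 0 ? "" : url.substring(0, i).toLowerCase();
}

// Hosts that should bypass the proxy: unqualified names, loopback,
// and anything under an internal suffix.
function isInternalHost(host) {
  host = host.toLowerCase();
  if (host.indexOf(".") < 0) return true;             // e.g. "intranet"
  if (host === "127.0.0.1") return true;
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    var s = INTERNAL_SUFFIXES[i];
    if (host.length > s.length && host.slice(-s.length) === s) return true;
  }
  return false;
}

function FindProxyForURL(url, host) {
  var scheme = schemeOf(url);
  // The WSA proxies web and FTP traffic only; anything else goes direct
  // and is subject to whatever the firewall permits.
  if (scheme !== "http" && scheme !== "https" && scheme !== "ftp") {
    return "DIRECT";
  }
  if (isInternalHost(host)) return "DIRECT";
  // No "; DIRECT" fallback: if the WSA is unreachable the request fails
  // instead of silently bypassing filtering.
  return WSA;
}
```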

We are replacing MS ISA proxy servers with IronPort WSA S370 proxy servers.

We have several apps that make use of the MS firewall client.

The MS firewall client enables HTTP-tunneling of TCP & UDP through the ISA proxy servers instead of going through firewalls.

These apps use various ports - and there are rules set up on the ISAs specifically for these apps and their ports.

Also we have several uses of RDP, telnet, and SSH using the firewall client to HTTP-tunnel through the proxy servers -- and these have specific ISA rules set up for them too.

I can find HTTP-tunneling software - commercial and freeware - but can't find any that I think will work through the IronPort WSA S370 proxy servers.

Would like to find someone who has implemented HTTP-tunneling using IronPort WSA 370 proxy servers.

Thanks again for your input.

Richard.

You should talk to your Cisco reseller, because I don't think that this is possible with a WSA.  It won't terminate any sort of http tunneling proxy client...  That's just not how it works.

Ken