Advanced configuration file settings
The user on the Firewall Client computer can create and modify files that determine the Firewall Client configuration settings. The Common.ini file, which is created when Firewall Client is installed, specifies common configuration for all the applications. The Application.ini file specifies configuration settings for specific applications. For more information on these files, see Advanced Firewall Client settings.
These files can be created at the operating system level, for all users logged on to the computer and may be created for each specific user on the computer. The per-user settings override the general configuration settings. These files are created in different locations, depending on the operating system. For example, on Windows XP computers, the files are copied to two folder:
- \Documents and Settings\All Users\Local Settings\Application Data\Microsoft\Firewall Client 2004
- \Documents and Settings\user_name\Local Settings\Application Data\Microsoft\Firewall Client 2004
You can use ISA Server Management to modify Firewall client configuration settings. For instructions, see Configure Firewall Client application settings.
The following table lists the entries that you can include when configuring the Firewall Client software application settings. The first column lists the keys that can be included in the configuration files. The second column describes the values to which the keys can be set. Note that some settings can be configured only on the Firewall Client computer; you cannot configure them using ISA Server Management.
| Entry | Description |
|---|---|
| Disable | Possible values: 0 or 1. When the value is set to 1, the Firewall Client application is disabled for the specific client application. |
| Autodetection | (Can be set only on the Firewall Client computer.) Possible values: 0 or 1. When the value is set to 1, the Firewall Client application auatomaticlaly the ISA Server computer to which it should connect. |
| NameResolution | Possible values: L or R. By default, dotted decimal notation or Internet domain names are redirected to the ISA Server computer for name resolution and all other names are resolved on the local computer. When the value is set to R, all names are redirected to the ISA Server computer for resolution. When the value is set to L, all names are resolved on the local computer. |
| LocalBindTcpPorts | Specifies a Transmission Control Protocol (TCP) port, list, or range that is bound locally. |
| LocalBindUdpPorts | Specifies a User Datagram Protocol (UDP) port, list, or range that is bound locally. |
| RemoteBindTcpPorts | Specifies a TCP port, list, or range that is bound remotely. |
| RemoteBindUdpPorts | Specifies a UDP port, list, or range that is bound remotely. |
| ServerBindTcpPorts | Specifies a TCP port, list, or range for all ports that should accept more than one connection. |
| ProxyBindIp | Specifies an IP address or list that is used when binding with a corresponding port. Use this entry when multiple servers that use the same port need to bind to the same port on different IP addresses on the ISA Server computer. The syntax of the entry is: ProxyBindIp=[port]:[IP address], [port]:[IP address] The port numbers apply to both TCP and UDP ports. |
| KillOldSession | Possible values: 0 or 1. When the value is set to 1, it specifies that, if the ISA Server computer holds a session from an old instance of an application, that session is terminated before the application is granted a new session. This option is useful, for example, if an application crashed or did not close the socket on which it was listening. By closing the old session, ISA Server immediately discovers that the application was terminated and can release the port used by the old session immediately. |
| Persistent | Possible values: 0 or 1. When the value is set to 1, a specific server state can be maintained on the ISA Server computer if a service is stopped and restarted and if the server is not responding. The client sends a keep-alive message to the server periodically during an active session. If the server is not responding, the client tries to restore the state of the bound and listening sockets upon server restart. |
| ForceCredentials | (Can be set only on the Firewall Client computer.) Used when running a Windows service or server application as a Firewall client application. When the value is set to 1, it forces the use of alternate user authentication credentials that are stored locally on the computer that is running the service. The user credentials are stored on the client computer using the Credtool.exe application that is provided with the Firewall Client software. User credentials must reference a user account that can be authenticated by ISA Server, either local to ISA Server or in a domain trusted by ISA Server. The user account is normally set not to expire; otherwise, user credentials need to be renewed each time the account expires. |
| NameResolutionForLocalHost | Possible values are L (default), P, or E. Used to specify how the local (client) computer name is resolved, when the gethostbyname API is called. The LocalHost computer name is resolved by calling the Winsock API function gethostbyname() using the LocalHost string, an empty string, or a NULL string pointer. Winsock applications call gethostbyname(LocalHost) to find their local IP address and send it to an Internet server. When this option is set to L, gethostbyname() returns the IP addresses of the local host computer. When this option is set to P, gethostbyname() returns the IP addresses of the ISA Server computer. When this option is set to E, gethostbyname() returns only the external IP addresses of the ISA Server computer—those IP addresses that are not in the local address table. |
| ControlChannel | Possible Values: Wsp.udp (default) or Wsp.tcp. Specifies the type of the control-channel used. |
