Clique aqui para instalar o Silverlight*
BrasilAlterar|Todos os sites da Microsoft
Isa Server 
|Mapa do Site|Worldwide|Free Newsletters

Migrating from Proxy Server 2.0

Publicado em: 3 de maio de 2001

Microsoft Internet Security and Acceleration (ISA) Server supports a full migration path for Microsoft Proxy Server 2.0 users. Most Proxy Server rules, network settings, monitoring configuration, and cache configuration will be migrated to ISA Server. Furthermore, ISA Server will continue to support Winsock proxy client software, together with its own Firewall client software, in a heterogeneous client base.

ISA Server introduces many new features and changes over Proxy Server 2.0. These changes affect the server configuration and upgrade scenarios. Below are key items that an administrator should consider as part of the upgrade process to ISA Server.

Reasons for Migration

ISA Server is the successor to Proxy Server 2.0, although it is much more than a "proxy." When compared with Proxy Server 2.0, new or significantly improved features in ISA Server, include the following:

A multilayer firewall that features stateful inspection, broad application support, and integrated intrusion detection

Integrated Virtual Private Networking

System hardening

RAM caching and optimized cache store, including scheduled content download

Unified management console, including graphical taskpads and wizards for common tasks

Transparency for all clients

Advanced, passthrough, and Secure Sockets Layer (SSL) authentication support

Improved monitoring features, including customizable alerts, detailed logging, and reporting

Extensible platform with a comprehensive Software Development Kit

Migration Process

Before you can migrate an array of Proxy Server 2.0 computers, it is recommended that you remove all the members. Each member will retain an identical set of rules, which was replicated to all the servers in the array. Also, all the servers will retain identical network configuration (such as dial-on-demand settings) and monitoring configuration (such as alerts).

When you migrate Microsoft Proxy Server 2.0 to ISA Server, Standard Edition, ISA Server cannot be installed as an array member. If you want to install ISA Server as an array member, you must install ISA Server, Enterprise Edition.

There are a number of additional issues you should consider while preparing to migrate from Proxy Server 2.0 to ISA Server.

Direct upgrade from Proxy Server 1.0, BackOffice Server 4.0 or Small Business Server 4.0 is not supported.

There is no automatic option to return to Proxy Server 2.0 once the upgrade to ISA Server has been started.

ISA Server does not support the IPX protocol.

Before you upgrade from Proxy Server 2.0, perform a full backup of the current settings.

In addition, ISA Server can only be installed on computers running Windows 2000 Server or later. Therefore, if your current version of Microsoft Proxy Server 2.0 runs on Windows NT 4.0, follow these steps:

Stop and disable all Proxy Server services. To do this, type net stop service_name at a command prompt. Here are Proxy Server services, with the appropriate service name.

Proxy Server serviceService name

Microsoft Winsock Proxy service


Microsoft Proxy Server Administration


Proxy Alert Notification service


World Wide Web Publishing service


Upgrade to Windows 2000. You may receive a message indicating that Proxy Server 2.0 will not work on Windows 2000. This message can be safely ignored. For more detailed instructions, see Proxy Server 2.0 home page at /proxy/default.asp.

You can now begin ISA Server setup. For specific instructions, see Chapter 3 for specific instructions.

Since the core services required for firewall operation are inactive during setup, it is recommended that the computer being upgraded be disconnected from the Internet for the rest of the installation procedure.

Migrating Proxy Server 2.0 configuration

Most Proxy Server rules, network settings, monitoring configuration, and cache configuration will be migrated to ISA Server.

Proxy Chains

Mixed chains of Proxy Server 2.0 and ISA Server computers are supported.

When a computer running Proxy Server 2.0 is downstream of the ISA Server computer, only Web proxy chaining is supported. Proxy Server 2.0 does not support upstream Winsock Proxy chaining.

When an ISA Server computer is the downstream server, both Web Proxy and Firewall chaining are supported. (In Proxy Server 2.0, "Firewall chaining" was called "Winsock Proxy chaining.")

Web Proxy Client Requests

Proxy Server 2.0 listened for client HTTP requests on port 80, but when ISA Server is installed, it listens on port 8080 for the Web Proxy service. Therefore, all downstream chain members (or browsers) connecting to the ISA Server computer must connect to port 8080. You can also configure ISA Server to listen on port 80.


Proxy Server 2.0 required that you configure publishing servers as Winsock Proxy clients. ISA Server allows you to publish internal servers, without requiring any special configuration or software installation on the publishing server. Instead, the ISA Server computer treats the publishing servers as SecureNAT clients. Web publishing rules and server publishing rules that are configured on the ISA Server computer make the servers securely accessible to specific external clients. No additional configuration is required on the publishing server.

Proxy Server 2.0 cache configuration is migrated to ISA Server, including cache drive specifications, size, and all other properties.

Proxy Server 2.0 cache content will not be migrated, because ISA Server's cache storage engine is vastly different and more sophisticated. It will be deleted as part of ISA Server setup, and the new storage engine will be instituted, based on existing cache and drive settings. Note: Depending on the cache size and the number of objects in the cache, the deletion process may take some time.


ISA Server includes a SOCKS application filter, which allows client SOCKS applications to communicate with the network, using the applicable policy to determine if the client request is allowed. Migration of Proxy Server 2.0 SOCKS rules to ISA Server policy is not supported.


ISA Server supports the following authentication methods: basic, digest, integrated Windows, and client certificate. By default, when you install ISA Server, the integrated Windows authentication method is configured for Web requests. In Proxy Server 2.0, basic and integrated authentication are enabled by default.

Internet Explorer 5 supports integrated Windows authentication, however, other Web browsers may support only the basic authentication method. In this case, no requests will be allowed, since the user cannot be authenticated. ISA Server rejects Web requests which were previously allowed by Proxy Server. You can configure basic authentication for all Web requests.

Rules and policies

The table below lists how Proxy Server 2.0 rules and other configuration information are migrated on the ISA Server computer:

Proxy Server 2.0ISA Server computer

Domain filters

Site and content rules

Winsock permission settings

Protocol rules

Publishing properties

Web publishing rules

Static packet filters

Open or blocked IP packet filters

Web Proxy routing rules

Routing rules

Policy elements are created, as necessary, for the new rules. Additional configuration information is also migrated: local address table, automatic dial settings, alerts, log settings, and client configurations.

©2017 Microsoft Corporation. Todos os direitos reservados. Entre em contato |Nota Legal |Marcas comerciais |Política de Privacidade