Client computers that do not have Firewall client software are secure network address translation (SecureNAT) clients. SecureNAT clients can benefit from many of the features of Microsoft Internet Security and Acceleration (ISA) Server. This includes most access control features, with the exception of high-level protocol support and user-level authentication.
Although SecureNAT clients do not require special software, you should configure the default gateway so that all traffic destined to the Internet is sent by way of ISA Server, either directly or indirectly, through a router. You can configure clients either by using the DHCP service or manually.
Since requests from SecureNAT clients are essentially handled by the Firewall service, SecureNAT clients benefit from the following security features:
SecureNAT and Windows 2000 NAT
ISA Server extends the Windows 2000 network address translation (NAT) functionality by enforcing ISA Server policy for SecureNAT clients. In other words, all ISA Server rules can be applied to SecureNAT clients, despite the fact that Windows 2000 NAT does not have an inherent authentication mechanism. (Policies regarding protocol usage, destination, and content type are also applied to SecureNAT clients.)
SecureNAT clients and server publishing
As with Firewall clients, SecureNAT clients can also actually be servers, such as mail servers, which publish information to the Internet. You configure server publishing rules in order to publish servers as SecureNAT clients. For more information, see Server publishing rules.
SecureNAT clients are not supported in cache mode. For more information, see ISA Server modes.