Forum Discussion
Hi Piotr,
The Forefront TMG Firewall Proxy is not a classic Socks4/5 proxy, but rather a Winsock proxy.
Whenever a Win32 application asks for network access, the Winsock stack of the client (replaced by a TMG client component) will compare the DNS_NAME and the resolved DST_ADDR with two tables called the Local Address Table (LAT) and Local Domain Table (LDT). If the DNS_NAME and DST_ADDR are not contained in the LAT or LDT, then Winsock would forward raw Winsock calls (on OSI Layer 5) directly to the TMG to finalize the OSI Layer 4, 3, 2 and 1 communication.
In the end the client application can also use Winsock to allow secondary inbound/outbound connections without application-aware fixups in place to parse the control channels. Some sort of UPnP for enterprises. And another cool feature is that TMG was always aware which username has executed which application (even on multiuser terminal servers) and used that information within firewall access policies or transparent HTTP proxy rules.
Good luck coding this in an iRule.... ;-)
Cheers, Kai