F.A.Q. (Frequently asked questions)
Q. If I install SecureSOCKS5, will it allow unrestricted Internet access to all socks5 clients?
A. No, you still need to create firewall policy rules to allow SOCKS5 clients connections.
SecureSOCKS5 doesnít break ISA Server security, it just extends its functionality.
You may see SOCKS sessions in ISA monitoring and logs. They are represented as SNAT sessions. SOCKS connections are subject to firewall rules.
Q. What Microsoft ISA Server policy rules should I create to allow socks5 clients access? Should I create protocol definition for SOCKS protocol?
A. You don't have to create protocol definition for SOCKS5 protocol.
—onsider SOCKS5 clients as new type of clients, in addition to firewall clients and SecureNAT clients.
So you just need to create rules that allow specific users or computers to use specific protocols to access specific sites.
Q. Can I use SOCKSv4 filter along with SecureSOCKS5?
A. Yes, you may use them both. Just don't forget to set different port numbers for them.
Q. What is "Firewall external address"?
A. Firewall external address - is the external IP address of the ISA Server computer. You may left it empty (default option). It is used for bind operations on sockets.
Q. What do mean all that settings?
A. All settings have descriptions that popup when you point mouse over them. If you still don't understand them then just use "Auto configure" option - it will set them to preferable default values.
Q. I don't have active directory in my environment. Can I still use authentication with socks5 clients?
A. Yes, you may create local accounts at your ISA Server computer and use them to authenticate socks5 clients.
Q. Do you provide any kind of socks5 client software, so that application that doesn't have socks5 capability can be run in a "socksified" way?
A. No, unfortunately we don't provide such client software.
If some of your applications do not provide socks5 capability, you may use some of 3rd-party software. Some of them is freeware. Here is what we know:
Q. My client software don't have option to anonymously connect to socks5 proxy server. It requires me to enter login and password. Can I avoid authentication?
A. You may leave login and password fields empty. SecureSOCKS5 will recognize it as anonymous logon and ISA Server will check only client IP against its policy rules.
Or you may disable authentication for some clients by specifying their IP addresses on Authentication tab of SecureSOCKS5 properties.
Q. My ISA Server has no public IP. It is behind NAT router. Can I use SecureSOCKS5?
A. Yes, you may use SecureSOCKS5 in this configuration, but clients inbound connections will fail. (Most applications don't require inbound connections.)
Q. Do you have any documentation for this product?
A. For now, we havenít created any documentation for SecureSOCKS5, as we thought it is unnecessary. SOCKSv4 filter shipped with ISA doesnít have any documentation, does it? So if you have any difficulties in understanding some things, just ask us. :)
Q. Socks5 clients can't use UDP connections in Microsoft ISA Server 2004/2006!
A. We know about this issue. We're investigating it, trying to discuss it with Microsoft ISA Server development team. We'll report when it will be resolved.
Q. I've installed it, but it doesn't work!
A. Try to enable logging. It may give right hint, what is wrong.
Also don't hesitate to ask us for any support at firstname.lastname@example.org (even if you haven't registred yet). Your log file attached is recommended.
Q. I found a bug. Shame on you!
A. If SecureSOCKS5 misbehaves, just let us know. We'll investigate issue as soon as we can. If you found a serious bug, you may get SecureSOCKS5 licence for free. ;)