The Microsoft Internet Access Gateway service provides a gateway between the Internet and your local area network (LAN) that allows users to safely browse the Internet's World Wide Web, Gopher, and FTP servers from a client desktop. This topic provides an overview of the Internet Access Gateway service. For more detailed information click on one of the following:
Internet Access Gateway Service Architecture
Configuring the Internet Access Gateway Service
The Internet Access Gateway service is installed on a computer running Windows NT Server version 3.51 that has at least two network adapter cards: one for your local area network and the other for the Internet. It acts as a selective application layer gateway between the two network cards. Client requests and Internet responses can pass through the gateway, but unrequested packets from the Internet are not allowed access to your LAN.
Application-layer filtering provides security at the application level. The Internet Access Gateway service establishes TCP/IP connections to specific sites on the Internet on behalf of corporate network WWW, Gopher and FTP requests. The service listens for and accepts only those WWW, Gopher, and FTP responses from the Internet that are answers to these requests. If a spontaneous packet received from the Internet is addressed to one of the computers on the corporate LAN, the packet will not be routed to the LAN (because IP routing is disabled on the server). IP addresses in IP data packets are never used for selective filtering, therefore, a would-be hacker cannot use IP address "spoofing" (impersonating an authorized user) to infiltrate your network.
The Internet Access Gateway service also provides policy control in the form of domain name filtering. Domain name filtering allows network administrators to control which Internet servers can be accessed by network clients. This can be done either by listing the domains for which access is granted, or the domains for which access is denied. These policies affect all users connecting to Internet resources through the Internet Access Gateway.
User-level permissions allow Network administrators to control which users have access to Internet applications by setting user and group level permissions for World Wide Web, Gopher and FTP. The user-level control is fully integrated with the Windows NT domains and user name accounts.
The Internet Access Gateway service is transport independent, supporting major transport protocols such as TCP/IP, SPX/IPX and NetBEUI. The Internet uses the TCP/IP transport protocol, while many corporate networks use various types of transport protocols simultaneously. With the Internet Access Gateway service, client computers do not need to use the TCP/IP transport protocol in order to access the Internet. The Internet Access Gateway service acts as a protocol converter, converting requests received from your network into the Internet's TCP/IP protocol.
The caching feature offers a more efficient way to access commonly used Internet documents. Internet information requested by a client can be cached, or held in local storage by the server so that when another client requests the same information it is simply retrieved from local storage and sent to the requester. Caching reduces Internet traffic and the time required to process Internet requests. Network administrators can control the cached data, including how much disk space should be used for caching and cached information Time-out and Refresh intervals.
The Internet Acess Gateway service also provides a CERN-compatible proxy gateway for UNIX and Macintosh clients running TCP/IP. Clients using this feature must be running TCP/IP, and are all subject to a single user policy. That is, such clients cannot have different levels of access.
This publishing system was produced using Windows NT Workstation version 3.51 and Internet Assistant for Microsoft Word version 6.0c. Copyright 1995 Microsoft Corporation; see disclaimer.
