Configuring ISA Server Behind an SSL Accelerator

SSL accelerators are used to efficiently handle the encryption and decryption work that would otherwise have to be performed by other servers. You may want to place an SSL accelerator between ISA Server and the Internet, so that the ISA Server computer or array does not have to use its resources for encryption/decryption. If you do so, you have to configure ISA Server to stop listening for HTTPS communication from the Internet, so that it doesn’t bypass the SSL accelerator. You must also configure ISA Server to recognize that HTTP traffic received from the accelerator anticipates HTTPS responses, including appropriately-translated links.

To prevent ISA Server from bypassing the SSL accelerator, set the ISA Server SSL Port to 0. This can be done in ISA Server Management. The other configuration requirements cannot be addressed through ISA Server Management, but can be set programmatically using the SSLAcceleratorPort property of the FPCWebListenerProperties object.

The configuration details, and an example script for configuring the SSLAcceleratorPort property, are provided in the document Configuring ISA Server to Work with SSL Accelerators.

Nathan Bigman, ISA Server User Education