Comparing access rules and publishing rules


When you need to allow clients access to services, you can use either access rules or server publishing rules, but what is the difference between them?


There is some information provided in the article Configuring Internal Client Access to Internal Resources in ISA Server 2004. This blog posting provides a very specific comparison of access rules and publishing rules.


Access rule characteristics:

l  Can only be used between networks that have route or forward NAT (source to destination NAT) relationship

l  One rule can allow multiple protocols

l  MUST use outbound protocols

l  User can only access the ports defined in the protocols



Publishing rules characteristics:

l  Can be used between networks that have route or backward NAT (destination to source NAT) relationship. But the listening IP address is different for different network relationships, as shown in the table below:


Network Relationship

Listening IP address


The destination server’s IP address

Backward NAT(destination to source NAT)

ISA Server’s network adapter IP address(connected to the source network)


l  Each rule can allow only one protocol

l  MUST use inbound protocols

l  You can change the port defined in protocols

l  The published server must be a SecureNAT client, and must configure ISA Server as its default gateway if you choose Requests appear to come from the original client in the publishing rule;

l  Some functions can be used only in a publishing rule, such as link translation, or forward original client source IP address (Requests appear to come from the original client) in Web publishing rules.


Meibo Zhang

Chengdu, China

Comments (0)

Skip to main content