Category: Uncategorized

ISA Server rules are evaluated in the order in which they appear in the firewall policy. The order of the rules affects not only the effective policy for your organization, but the efficiency with which the rules are evaluated. Since the first rule match ends the need to check additional rules, your firewall policy will…

I was recently looking at ISA Server’s logging features, trying to see where we might have opportunities to improve in future versions. As part of this process, I installed SQL on my ISA Server firewall. And noticed the following phenomenon.   In general, when you configure ISA Server to log to a SQL server, ISA…

Recently there was some talk about the following two HTTP filter options so I thought maybe more people would also be interested. Verify normalization:   If you want to block requests with URLs containing escaped characters after normalization.   Web servers receive requests that are URL encoded. This means that certain characters may be replaced…

As many of us know, ISA Server’s biggest selling point is being a terrific security/caching/reverse-caching/vpn/application level firewall/(did I forget anything) solution.  So what’s the main tough job we regularly fight here at ISA? Where should be further investing.  Each investment carries a high degree of risks like unknown development time, stabilization, etc. But the biggest…

ISA Server does not handle IPv6 traffic. IPv6 traffic will pass through the ISA Server firewall regardless of your firewall policy. We recommend that you not enable IPv6 traffic on the ISA Server computer or array. If you have enabled IPv6 traffic, we recommend that you disable it on the ISA Server computer, or on…

When troubleshooting ISA Server 2004 one of the first places you are going to go to is the Logging page  to see what is happening with your traffic.   For additional information you might want to add the following two columns to the logging page to get additional information regarding ISA’s behavior displayed on the…

Before you deploy ISA Server 2004 Enterprise Edition, you have to consider where you are going to locate the Configuration Storage servers, which store the configuration for all of the ISA Server arrays in the enterprise. Some of the aspects you should consider are: The number of Configuration Storage servers that you want to install for…

Many clients have wondered, why doesn’t ISA support defining multiple server certificates for a single IP. Such feature could have been useful when publishing several sites over SSL using the same public IP. On such configuration published site is using a different external names (e.g. mail.contoso.com, docs.contoso.com, …), where all public names are mapped to…

Prior to SP2, if a requested destination name was in the list, it was accessed directly. With SP2 – a requested name in the list is accessed directly, unless IP addresses are included in the list. In that case, an attempt is made to resolve the site name to an IP address. Access is direct…

Two weeks ago, we released a new version (V2) of the ISA Server 2004 Best Practices Analyzer Tool, which is commonly knowns as the IsaBPA. What is changed in the new version?   We added new checks to the IsaBPA. Now we have about 150 rules! We focused especially on authentication and Outlook Web Access checks. We also…