ISA Server 2006 is a great firewall product. As with all of our products, it continues to be improved and SP1 offers up some new goodies as well as a bunch of fixes.
Here’s the list of new features:
- Configuration Change Tracking—Registers all configuration changes applied to ISA Server to help you assess issues that may occur as a result of these changes.
- Test Button—Tests the consistency of a Web publishing rule between the published server and ISA Server.
Traffic Simulator—Simulates network traffic in accordance with specified request parameters, such as an internal user and the Web server, providing information about firewall policy rules evaluated for the request.
- Diagnostic Logging Viewer—Now integrated as a tab into the ISA Server Management console, this feature displays detailed events on packet progress and provides information about handling and rule matching.
Improvements for existing features, including:
- Support for integrated NLB mode in all three modes, including unicast, multicast, and multicast with Internet Group Management Protocol (IGMP). Previously, ISA Server integrated NLB-supported unicast mode only.
- Support for use of server certificates containing multiple Subject Alternative Name (SAN) entries. Previously, ISA Server was able to use either only either the subject name (common name) of a server certificate, or the first entry in the SAN list.
- Support for Kerberos Constrained Delegation (KCD) cross-domain authentication. Credentials from users located in a different domain than the ISA Server, but in the same forest, can now be delegated to an internal published Web site by using KCD.
- Support for client certificate authentication in a workgroup deployment. This removes the requirement to map each client certificate to an Active Directory® directory user account when forms-based authentication is used as the primary authentication method and client certificates are used as the secondary method.
For a list of the fixes, see http://support.microsoft.com/kb/943462.