ISA Server 2006 decides whether a packet is allowed to pass or is denied by evaluating the following rule sets, in this order:
- Network Rules. You can use ISA Server 2006 to configure network rules, thereby defining and describing a network topology. Network rules determine whether there is a relationship between two network entities, and what type of relationship is defined. Network relationships can be configured as follows:
  - Route. Client requests from the source network are directly relayed to the destination network. The source client address is included in the request.
  - Network address translation (NAT). ISA Server replaces the Internet Protocol (IP) address of the client on the source network with its own IP address.

  Note: When no relationship is configured between networks, ISA Server drops all traffic between the two networks.
- Array System Policies. ISA Server 2006 includes a default system policy configuration, which allows use of services commonly required for the network infrastructure to function properly. In Enterprise Edition, each array has its own array system policy that applies to all array members.
- Firewall Policies. Using ISA Server 2006, you can create a firewall policy, which includes a set of publishing and access rules. These rules, together with the network rules and array system policies, determine how clients access resources across networks. Enterprise Edition includes enterprise firewall policies that are applied before and after array firewall policies, which provides flexibility for firewall policy management.
For more information about network rules, array system policies, and firewall policies, see the product Help.
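The evaluation order described above, modeled as an added Python example (not ISA Server code and not part of the product documentation). The network names, rules, and addresses are constructed, and the model assumes that the first matching rule decides and that traffic matching no rule is denied.

```python
from dataclasses import dataclass

ISA_IP = "203.0.113.1"  # constructed: the firewall's own address

@dataclass(frozen=True)
class Rule:
    name: str
    src_net: str
    dst_net: str
    protocol: str
    allow: bool

# Constructed sample configuration (network names and rules are illustrative).
NETWORK_RULES = {("Internal", "External"): "nat", ("Internal", "Perimeter"): "route",
                 ("Local Host", "Internal"): "route"}
SYSTEM_POLICY = [Rule("Allow DNS from firewall", "Local Host", "Internal", "DNS", True)]
ENTERPRISE_BEFORE = [Rule("Block outbound SMTP", "Internal", "External", "SMTP", False)]
ARRAY_POLICY = [Rule("Allow web", "Internal", "External", "HTTP", True),
                Rule("Allow mail", "Internal", "External", "SMTP", True),
                Rule("Allow DMZ web", "Internal", "Perimeter", "HTTP", True),
                Rule("Allow VPN web", "VPN Clients", "Internal", "HTTP", True)]
ENTERPRISE_AFTER = []

def evaluate(src_net, dst_net, protocol, src_ip):
    """Return (verdict, deciding rule set and rule, source address the destination sees)."""
    # 1. Network rules: no relationship means the traffic is dropped.
    relationship = NETWORK_RULES.get((src_net, dst_net))
    if relationship is None:
        return ("deny", "no network relationship", None)
    # 2. Array system policy, then 3. firewall policy, with enterprise rules
    #    applied before and after the array rules.
    stages = [("array system policy", SYSTEM_POLICY),
              ("enterprise policy (before)", ENTERPRISE_BEFORE),
              ("array firewall policy", ARRAY_POLICY),
              ("enterprise policy (after)", ENTERPRISE_AFTER)]
    for stage, rules in stages:
        for rule in rules:
            if (rule.src_net, rule.dst_net, rule.protocol) != (src_net, dst_net, protocol):
                continue
            if not rule.allow:  # assumption: first matching rule decides
                return ("deny", f"{stage}: {rule.name}", None)
            # Route keeps the client address; NAT substitutes the firewall's own.
            seen = src_ip if relationship == "route" else ISA_IP
            return ("allow", f"{stage}: {rule.name}", seen)
    return ("deny", "no matching rule", None)  # assumption: default deny

if __name__ == "__main__":
    for args in [("Internal", "External", "HTTP", "10.0.0.5"),
                 ("Internal", "External", "SMTP", "10.0.0.5"),
                 ("VPN Clients", "Internal", "HTTP", "10.9.0.7")]:
        print(args, "->", evaluate(*args))
```

In this model the array rule "Allow mail" never takes effect because the enterprise rule ahead of it denies SMTP, and "Allow VPN web" never takes effect because no network rule relates VPN Clients to Internal.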