When you publish a Web application through ISA Server, you protect the Web server from direct external access because the name and IP address of the Web server are not accessible to the user. The user accesses the ISA Server computer, which then forwards the request to the Web server according to the conditions of your Web server publishing rule.

Two common applications that users need to access when they are not in the office are Outlook Web Access and Microsoft SharePoint® Portal Server (intranet Web sites). ISA Server 2006 protects your internal resources while providing secure access to the necessary information to authorized users.

Before running the appropriate publishing wizard, update the following table with information regarding secure application publishing.

Description Value

Specify the FQDN for the Web site that users will use to access the site from the Internet.


For example: owa.contoso.com

Request and install a Web server certificate from a public certification authority (CA) on the ISA Server firewall. An internal CA can be used, but you need to install the root CA certificate on all computers that will access this published Web server.

Completed: Yes or No

Record a DNS entry for the FQDN for your public DNS server. If you do not manage your own public DNS servers, you will typically need to make the request to your Internet service provider (ISP) or the organization that is managing your company's public DNS.

The DNS entry's IP address must be an IP address on the ISA Server firewall.

Completed: Yes or No

Install a separate valid public IP address for each Web site that you publish that uses a different Web server certificate. The IP address should be installed on the external network adapter as a secondary IP address.

IP address for published Web server:


Subnet mask:


Specify the FQDN of the internal Web server.

FQDN: ________________________

Provide a complete URL to access the internal Web server from the Internal network.

Complete URL: ___________________________

URL works: Yes or No.

Specify the connection between the ISA Server computer and the internal Web server.


Install the trusted root CA certificate on the ISA Server computer, if the connection to the internal Web server is HTTPS, and the Web server certificate on the internal Web server is issued from an internal CA.

Completed: Yes or No.

For more information about how to request and install digital certificates, see "Digital Certificates for ISA Server" at the Microsoft TechNet Web site.

For procedures on how to publish a Web server, see "Secure Application Publishing in ISA Server" at the Microsoft TechNet Web site.