Microsoft Internet Security and Acceleration Server 2000

IP Packet Filtering

Internet Protocol (IP) packet filtering intercepts and evaluates packets before they are passed to higher levels of the protocol stack or to an application. This applies to every IP packet, including Transmission Control Protocol (TCP) packets, User Datagram Protocol (UDP) datagrams, and other packet types. IP packet filters can be configured so that only specified packets are passed through the ISA Server. This provides a high level of security for your network. IP packet filtering can block packets originating from specific Internet hosts and can reject packets associated with many common attacks. IP packet filtering can also block packets destined to any service on your internal network, including the Web proxy, Firewall, World Wide Web (WWW), or SMTP services.

With IP packet filters, you can intercept and either allow or block packets destined for specific computers on your corporate network. You can configure two types of static IP packet filters: allow filters and block filters.

Packets that are not specifically blocked are passed to the ISA services at the application level. At the application level, you can create an ISA Server policy, which is a set of rules that specify what communication is allowed. The ISA Server policy also specifies the communication that should be allowed or blocked from reaching the Web proxy and ISA Firewall services. Ports are opened for transmission or reception, and then immediately closed after one of the ISA services closes the connection.

Dynamic Packet Filtering

ISA Server supports inbound and outbound IP packet filtering. ISA Server can dynamically determine which packets can be passed through to the internal network's circuit and application layer services. You can configure access policy rules that open ports automatically, only as the rules allow, and then close the ports when the communication ends. This process is known as dynamic IP packet filtering. This approach minimizes the number of exposed ports in either direction and provides a high level of problem-free security for your network.

For many application protocols, such as media streaming, dynamic IP packet filtering provides the most secure method to handle dynamically allocated ports.
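
The following Python model is an added example, not Microsoft code and not ISA Server's implementation. It shows the behavior described above: static allow and block filters, plus a return port that is open only while a connection permitted by access policy exists. The class and function names, the sample addresses, and the choice to check block filters first are assumptions of the model.

```python
from collections import namedtuple

# inbound is True when the packet arrives on the external interface
Packet = namedtuple("Packet", "proto src sport dst dport inbound")

class PacketFilter:
    """Simplified model (hypothetical): static filters plus dynamic entries."""

    def __init__(self, allow_inbound, block_hosts, outbound_policy):
        self.allow_inbound = allow_inbound      # static allow: (proto, local port)
        self.block_hosts = block_hosts          # static block: remote addresses
        self.outbound_policy = outbound_policy  # access policy: (proto, remote port)
        self.dynamic = set()                    # return paths that are open right now

    @staticmethod
    def _flow(p):
        # Key a flow by the tuple its inbound (reply) packets will carry.
        if p.inbound:
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def evaluate(self, p):
        remote = p.src if p.inbound else p.dst
        if remote in self.block_hosts:           # assumption: block filters win
            return "drop"
        if not p.inbound:
            if (p.proto, p.dport) not in self.outbound_policy:
                return "drop"
            self.dynamic.add(self._flow(p))      # open only this return path
            return "pass"
        if self._flow(p) in self.dynamic or (p.proto, p.dport) in self.allow_inbound:
            return "pass"
        return "drop"                            # no filter or connection opened it

    def close(self, p):
        # The service closed the connection: remove the dynamic entry.
        self.dynamic.discard(self._flow(p))

def demo():
    # Constructed sample data using documentation address ranges.
    fw = PacketFilter({("tcp", 25)}, {"203.0.113.66"}, {("tcp", 80)})
    out = Packet("tcp", "192.0.2.10", 49152, "198.51.100.5", 80, False)
    reply = Packet("tcp", "198.51.100.5", 80, "192.0.2.10", 49152, True)
    stray = Packet("tcp", "198.51.100.9", 80, "192.0.2.10", 49152, True)
    before = fw.evaluate(reply)                  # arrives before any connection
    opened = fw.evaluate(out)
    during = (fw.evaluate(reply), fw.evaluate(stray))
    fw.close(out)
    return before, opened, during, fw.evaluate(reply)
```

In demo(), the same reply packet is dropped before the outbound connection exists, passed while it is open, and dropped again after close(); a packet from a different host aimed at the same client port is dropped throughout.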