Microsoft Internet Security and Acceleration Server 2004 SDK

What's New in ISA Server Software Development Kit

Internet Security and Acceleration (ISA) Server 2004 introduces numerous new features and functionalities. Some of the most notable advancements are described on this page.

Multiple Networking

The ISA Server  2000 networking model included an internal network and multiple external networks, some of which could be configured as a perimeter network (also known as demilitarized zone, DMZ, or screened subnet). ISA Server 2004 supports the configuration of multiple networks with different access policies behind the ISA Server computer, including virtual private networks and perimeter networks in addition to a standard Internal network. For more information see About Multi-networking.

Network Entities

ISA Server 2004 provides a rich set of network objects, including address ranges, computers, computer sets, networks, network sets, and subnets, that can be used to define source and destination settings for policy rules. For example, you can group networks in network sets and define specific policies for them so that when you add a network, you can add the new network to a network set and apply that policy to it. You can use network rules to specify which network entities have a routing relationship between them and which have a network address translation (NAT) relationship.

Cache Rules

ISA Server 2004 features a centralized cache policy under a single administrative node, the cache rule. This is reflected in changes in the administration object hierarchy. For more information, see Introduction to the ISA Server Cache Objects.


ISA Server 2004 has a persistence mechanism that allows you to save and reuse array configurations or portions of configurations, such as specific policies. For more information see About Persistence.

Virtual Private Networking

ISA Server 2004 supports secure virtual private network (VPN) access that can connect branch offices or remote users to corporate networks. ISA Server firewall policy is applied to VPN connections to control what resources and protocols VPN users can access. For more information, see About Virtual Private Networks.


ISA Server 2004 can authenticate users using built-in Windows authentication methods, predefined authentication schemes that are installed with ISA Server, or third-party authentication schemes that are registered with Web filters. For more information see About Authentication in ISA Server.

Network Configuration Detection Mechanism for Application Filters

ISA Server 2004 provides a Network Configuration Detection (NCD) module, and an NCD programming interface and events for use by application filters. The ISA Server 2004 NCD module continually checks for changes to the network configuration, and sends NCD notifications describing those changes when they occur. Using the NCD mechanism, you can design a filter that reacts appropriately to changes in Network configuration, such as dynamic changes in virtual adapters, the addition of new network adapaters, or the removal or addition of IP addresses to a network. For more information, see About Network Configuration Detection.

Server-side Notifications for Web Filters

ISA Server 2004 provides server-side notifications for Web filters. For more information, see Introduction to Web Filters.