ISA Server 2006 determines if a packet is allowed to pass through or denied based upon the following rule sets in the following order:
- Network Rules. You can use ISA Server 2006 to configure
network rules, thereby defining and describing a network topology.
Network rules determine whether there is a relationship between two
network entities, and what type of relationship is defined. Network
relationships can be configured as follows:
- Route. Client requests from the source network are directly
relayed to the destination network. The source client address is
included in the request.
- Network address translation (NAT). ISA Server replaces the
Internet Protocol (IP) address of the client on the source network
with its own IP address.
Note: When no relationship is configured between networks, ISA Server drops all traffic between the two networks.
- Route. Client requests from the source network are directly relayed to the destination network. The source client address is included in the request.
- System Policies. ISA Server 2006 includes a default system
policy configuration, which allows use of services commonly
required for the network infrastructure to function properly.
- Firewall Policies. Using ISA Server 2006, you can create a
firewall policy, which includes a set of publishing and access
rules. These rules, together with the network rule and system
policies, determine how clients access resources across
For more information about network rules, system policies, and firewall polices, see the product Help.