Differences Between ISA Server 2000 and ISA Server 2004

The primary difference between ISA Server 2000 and ISA Server 2004 is in the way in which networks are defined. With ISA Server 2000, there was a somewhat binary system in which all computers inside the company had to be defined by IP address ranges within the Local Address Table (LAT). Everything that was not defined in the LAT was considered external to the firewall.

With ISA Server 2004, the ability to define different networks is greatly improved. Now you can identify any range of IP addresses as a network, which opens up the possibility to allow or deny access between groups of machines inside the company as well as between machines inside and outside the company. Table 1-1 describes other features introduced in ISA Server 2004. For the complete listing of new features in ISA Server 2004, check out http://www.microsoft.com/isaserver/evaluation/features/.

Table 1-1: New Features in ISA Server 2004

Feature Name



Replaces the LAT from ISA Server 2000, allowing you to create and configure multiple networks. You are no longer limited to a binary approach in which the LAT contains internal addresses and everything else is considered external addresses. Instead, you have a relative LAT, which allows the configuration of multiple networks based on IP address ranges.

Per-network policies

Allows you to control how the clients within specified networks will communicate with one another.

Network relationships: Routed or NAT

Allows you to control how the networks will communicate with one another: Network Address Translation (NAT) or routed.

Built-in network templates

Allows you to easily configure your firewall policies based on the location of your ISA Server.

Advanced HTTP policies

Allows the ability to perform real OSI Layer 7 application inspection on a per-rule basis, control downloads by file extension, and control access for every connection, as well as blocking of unwanted content based on exploit and common application signatures.

Advanced FTP policies

Allows the ability for users to upload and download using File Transfer Protocol (FTP) while giving administrators the ability to selectively filter FTP requests.

Link translation

Provides a dictionary of internal server names mapped to external accessible names to prevent broken links by external users. This feature was available with the installation of ISA Server 2000 Feature Pack 1, but is now built-in.

Network Access Quarantine Control

Segregates clients onto a separate network to ensure predefined conditions have been met before allowing access to the internal network.

Port Redirection

Allows ISA server to accept connections for internal resources on a different port than that used by the internal server.

Advanced VPN Functions

Allows stateful filtering and inspection, monitoring, and logging, as well as support for Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol/IP Security (L2TP/IPSec), strong authentication, and virtual private network (VPN) quarantine.

Because of low levels of use, performance degradation, or potential security risks, Microsoft removed some of the features included with ISA Server 2000. Table 1-2 describes the features no longer available in ISA Server 2004.

Table 1-2: Features Removed in ISA Server 2004

Feature Name


H.323 gateway

Allowed call handling and routing of H.323 Voice over IP (VoIP) calls.

Live media split streaming

Allowed organizations using Windows Media Technology to split the media streams, improving bandwidth for video and audio.

Bandwidth control

Allowed prioritization of connections based on the quality of service (QoS) packet scheduling service.

Active caching

Allowed the cache to manage the most commonly used items in the cache, and refresh itself as needed. In ISA Server 2004 Standard Edition, even though the functionality was removed, the tab will appear until ISA Server SP1 is applied.

Some features are available (or supported) only on ISA Server 2004 Enterprise Edition. See Table 1-3 for a list of these features and their functions.

Table 1-3: Features Unique to ISA Server 2004 Enterprise Edition

Feature Name


Enterprise policies

Enterprise policies apply to a range of ISA servers, allowing centralized management of many ISA Server computers. Enterprise policies can override lower level policies.

Enterprise networks

Enterprise networks are composed of IP address ranges, and are global to all arrays in the enterprise.

Enterprise rule elements

In the Enterprise Policy node, you can configure protocols, users, content types, schedules, and network objects that are available to all permitted array members.

NLB support

Network Load Balancing (NLB) supports the ability to scale the use of ISA Server to more and more clients by using a single IP address to support several physical computers.

Site-to-site VPN failover

When VPNs are used with NLB, one array member is assigned as the connection owner. If the owner server becomes unavailable, the VPN connection is re-established with another array member.


Cache Array Routing Protocol (CARP) allows cached data to be stored on, and retrieved from, specific ISA servers throughout the enterprise without duplicating cache content.

Array reporting

ISA Server 2004 Enterprise Edition can combine the log files from different ISA servers (array members) and create a combined report summary.

In this section you've seen some of the new features included in ISA Server 2004, old features that are no longer available, and some of the capabilities available only in the Enterprise Edition of the ISA Server product.

Microsoft Internet Security and Acceleration ISA Server 2004 Administrator's Pocket Consultant
Microsoft Internet Security and Acceleration (ISA) Server 2004 Administrators Pocket Consultant (Pro-Administrators Pocket Consultant)
ISBN: 0735621888
EAN: 2147483647
Year: 2006
Pages: 173

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net