Troubleshooting Firewall Policy

Firewall policies are the heart and soul of ISA Server's functionality, and some scenarios can become fairly complex. Be sure to review the Microsoft Knowledge Base ( for issues that relate to your particular scenario. See and the ISA Server newsgroups (listed at for tutorials and a great forum where many people share stories of how to set up access rules, publish servers, and overcome environmental and technical challenges.

Here are a few key points to remember and good resources to use when troubleshooting.

  • When you make changes to firewall policies, current sessions aren't affected. You need to either disconnect the sessions or restart the firewall service before the new policies apply to them.

  • Be sure that you understand the difference between system policies, access rules, and publishing rules. Remember that traffic is processed first at the network level, then by system policies, then by access or publishing rules.

  • For ISA Server 2000 users, don't forget to click Apply after making changes. ISA needs to commit the changes to the registry (in Standard Edition) or the Configuration Storage server, or CSS (in Enterprise Edition).

  • Remember that if you have a NAT relationship between networks, access rules can only apply from the source (protected) to destination (untrusted) networks. Publishing rules are necessary to allow traffic in the other direction. When the network relationship is set to Route, access rules can apply both ways.
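
The processing order and the NAT direction limit from the list above, as an added example that is not from the book and is not ISA Server's own engine. It is a simplified model for reasoning about why a flow is denied; the network names, rules, and the evaluate() and relationship() helpers are constructed for illustration.

```python
# Simplified model of the processing order described above, not ISA Server's engine.
# Network names, rules and flows are constructed for illustration.
from collections import namedtuple

Rule = namedtuple("Rule", "kind src dst proto action")  # kind: system | access | publish

# Network rules are directional: (source, destination) -> relationship.
NETWORK_RULES = {
    ("Internal", "External"): "NAT",
    ("Internal", "DMZ"): "Route",
    ("LocalHost", "Internal"): "Route",
}

POLICY = [  # evaluated top to bottom, first match wins
    Rule("system", "Internal", "LocalHost", "PING", "allow"),
    Rule("access", "Internal", "External", "HTTP", "allow"),
    Rule("access", "External", "Internal", "SMTP", "allow"),    # against the NAT direction
    Rule("publish", "External", "Internal", "HTTPS", "allow"),
    Rule("access", "DMZ", "Internal", "SQL", "allow"),          # Route: either direction
]

def relationship(src, dst):
    """Return (relationship, forward); forward is False when the flow runs
    from the network rule's destination back to its source."""
    if (src, dst) in NETWORK_RULES:
        return NETWORK_RULES[(src, dst)], True
    if (dst, src) in NETWORK_RULES:
        return NETWORK_RULES[(dst, src)], False
    return None, False

def evaluate(src, dst, proto, policy=POLICY):
    """Return (action, deciding_stage, notes) for one new connection."""
    rel, forward = relationship(src, dst)
    if rel is None:                                   # stage 1: network rules
        return "deny", "network", ["no network rule connects these networks"]
    notes = []
    # Stage 2 (system policy) is checked before stage 3 (access/publishing rules).
    ordered = sorted(policy, key=lambda r: r.kind != "system")  # stable sort
    for r in ordered:
        if (r.src, r.dst, r.proto) != (src, dst, proto):
            continue
        if r.kind == "access" and rel == "NAT" and not forward:
            notes.append("access rule skipped: against NAT direction, use a publishing rule")
            continue
        return r.action, r.kind, notes
    return "deny", "default", notes                   # nothing matched: default deny
```

The External to Internal SMTP flow is the case worth noticing: an allow rule exists, yet the result is a default deny with a note, because the access rule runs against the NAT direction.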

Microsoft Internet Security and Acceleration ISA Server 2004 Administrator's Pocket Consultant
ISBN: 0735621888
Year: 2006
Pages: 173

