How Should ISA Firewall Rules Be Ordered?

It’s difficult to give hard-and-fast guidance on how best to order the rules in your ISA Firewall rule set, since there are many exceptions that require an understanding of how rules are processed. However, the following order will help you get started:

  1. Rules that deny access to all users
  2. Rules that allow access to all users
  3. Rules that allow or deny access to specific computers (that is to say, rules that don’t require authentication)
  4. Rules applying to specific users, URLs, and MIME types
  5. All other rules

Web and Server Publishing Rules can be placed anywhere.

Keep in mind that with Enterprise Edition, the best way to get rules higher in the rule order is to put them in the Pre-array Enterprise Rules.
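As an added example (not from the original post or from Microsoft), the Python sketch below audits a rule list against the ordering above and reports rules that sit below a rule from a later group. The `Rule` fields, the sample rules and the mapping of fields to groups are constructed assumptions, not the ISA Server object model; group 5 is the fallback for anything the model does not recognise.

```python
# Added illustration: a simplified, hypothetical rule model (not the ISA API).
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    action: str                       # "allow" or "deny"
    users: str = "All Users"          # any other value implies authentication
    specific_computers: bool = False  # limited to specific computers, no auth
    content_filter: bool = False      # restricted by URL set or MIME type
    publishing: bool = False          # Web or Server Publishing Rule

def tier(rule):
    """Map a rule to one of the five ordering groups (1 = top of the list)."""
    if rule.publishing:
        return None                   # publishing rules can be placed anywhere
    if rule.users != "All Users" or rule.content_filter:
        return 4                      # specific users, URLs, MIME types
    if rule.specific_computers:
        return 3                      # specific computers, no authentication
    if rule.action == "deny":
        return 1                      # deny for all users
    if rule.action == "allow":
        return 2                      # allow for all users
    return 5                          # all other rules

def audit(rules):
    """Return (rule, group, move_above) for each rule listed below a later group."""
    findings = []
    highest, highest_name = 0, None
    for rule in rules:                # top of the rule set first
        group = tier(rule)
        if group is None:
            continue
        if group < highest:
            findings.append((rule.name, group, highest_name))
        elif group > highest:
            highest, highest_name = group, rule.name
    return findings

# Constructed sample rule set, listed in processing order.
SAMPLE = [
    Rule("Publish OWA", "allow", publishing=True),
    Rule("Allow DNS outbound", "allow"),
    Rule("Block P2P ports", "deny"),
    Rule("Finance web access", "allow", users="Finance"),
    Rule("Allow mgmt hosts RDP", "allow", specific_computers=True),
    Rule("Deny exe downloads", "deny", content_filter=True),
]

if __name__ == "__main__":
    for name, group, above in audit(SAMPLE):
        print(f"group {group} rule '{name}' should move above '{above}'")
```

The audit only flags candidates. Moving a rule changes which rule matches first, so review each finding against the intended policy before reordering.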

For more information, check out:

http://www.microsoft.com/technet/isa/2006/BP_Firewall_Policy/default.mspx?mfr=true

HTH,

Tom

Thomas W Shinder, M.D.
Site: http://www.isaserver.org/

Blog: http://blogs.isaserver.org/shinder/
MVP — Microsoft Firewalls (ISA)
