It’s difficult to give hard and fast information on how to best order the rules in your ISA Firewall rule set, since there are many exceptions that require understanding of how rules are processed. However, The following will help you get started:
- Rules that deny access to all users
- Rules that allow access to all users
- Rules that allow or deny access to specific computers (that is to say, rules that don’t require authentication)
- Rules applying to specific users, URLs, and MIME types
- All other rules
Web and Server Publishing Rules can be placed anywhere.
Keep in mind that with enterprise edition, the best way to get the rules higher in rule order is to put them in the Pre-array Enterprise Rules.
For more information, check out:
http://www.microsoft.com/technet/isa/2006/BP_Firewall_Policy/default.mspx?mfr=true
HTH,
Tom
Thomas W Shinder, M.D.
Site: http://www.isaserver.org/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW BOOK! Go to http://tinyurl.com/2gpoo8
Email: [email protected]
MVP — Microsoft Firewalls (ISA)