ISA Server 2006 determines whether a packet is allowed to pass or is denied by evaluating the following rule sets, in the order listed.

  • Network Rules. You can use ISA Server 2006 to configure network rules, thereby defining and describing a network topology. Network rules determine whether there is a relationship between two network entities, and what type of relationship is defined. Network relationships can be configured as follows:
    • Route. Client requests from the source network are directly relayed to the destination network. The source client address is included in the request.
    • Network address translation (NAT). ISA Server replaces the Internet Protocol (IP) address of the client on the source network with its own IP address.
    When no relationship is configured between networks, ISA Server drops all traffic between the two networks.
  • Array System Policies. ISA Server 2006 includes a default system policy configuration, which allows use of services commonly required for the network infrastructure to function properly. In Enterprise Edition, each array has its own array system policy that applies to all array members.
  • Firewall Policies. Using ISA Server 2006, you can create a firewall policy, which includes a set of publishing and access rules. These rules, together with the network rules and array system policies, determine how clients access resources across networks. Enterprise Edition includes enterprise firewall policies that are applied before and after array firewall policies, which provides flexibility for firewall policy management.
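
The evaluation order above, modelled as an added Python example (not ISA Server code and not taken from the product documentation). The network names, rules and addresses are constructed, and two things are simplifying assumptions of this model: the first matching rule decides, and traffic that matches no rule is denied.

```python
from collections import namedtuple

# A rule matches on source network, destination network and protocol; "*" is a wildcard.
Rule = namedtuple("Rule", "name action src dst protocol")

# Constructed sample configuration; every name and address here is hypothetical.
NETWORK_RULES = {
    ("Internal", "External"): "NAT",
    ("Internal", "Perimeter"): "Route",
    ("Local Host", "External"): "Route",
}
SYSTEM_POLICY = [Rule("Allow DNS from ISA Server", "allow", "Local Host", "*", "DNS")]
ENTERPRISE_BEFORE = [Rule("Block outbound SMTP", "deny", "Internal", "External", "SMTP")]
ARRAY_RULES = [
    Rule("Allow all outbound", "allow", "Internal", "*", "*"),
    Rule("Allow VPN web access", "allow", "VPN Clients", "Perimeter", "HTTP"),
]
ENTERPRISE_AFTER = [Rule("Deny everything else", "deny", "*", "*", "*")]
ISA_IP = "192.0.2.1"


def matches(rule, src, dst, protocol):
    return (rule.src in ("*", src) and rule.dst in ("*", dst)
            and rule.protocol in ("*", protocol))


def evaluate(src, dst, protocol, client_ip):
    """Return (verdict, deciding rule, source address the destination sees)."""
    # 1. Network rules: with no relationship, traffic is dropped before any policy runs.
    relationship = NETWORK_RULES.get((src, dst))
    if relationship is None:
        return ("drop", "no network relationship", None)
    # NAT substitutes the ISA Server address; Route keeps the client address.
    seen_ip = ISA_IP if relationship == "NAT" else client_ip
    # 2. Array system policy, then 3. firewall policy: enterprise rules applied
    #    before the array rules, the array rules, then enterprise rules applied after.
    ordered = SYSTEM_POLICY + ENTERPRISE_BEFORE + ARRAY_RULES + ENTERPRISE_AFTER
    for rule in ordered:  # assumption: the first matching rule decides
        if matches(rule, src, dst, protocol):
            allowed = rule.action == "allow"
            return (rule.action, rule.name, seen_ip if allowed else None)
    return ("deny", "no rule matched", None)  # assumption: default deny


if __name__ == "__main__":
    for flow in [("Internal", "External", "HTTP", "10.0.0.5"),
                 ("Internal", "External", "SMTP", "10.0.0.5"),
                 ("VPN Clients", "Perimeter", "HTTP", "10.9.0.7")]:
        print(flow, "->", evaluate(*flow))
```

In this model the VPN Clients flow is dropped even though an array rule would allow it, because no network rule relates the two networks.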

For more information about network rules, array system policies, and firewall policies, see the product Help.