- Data Center
- Cloud
- Storage
- Big Data
- Security
- Partners
- Support
- Company
Microsoft Internet Security and Acceleration Server (ISA) 2006 Features
Full Feature List
The following table shows the key features available in ISA Server 2006 Standard (mISA Appliance Series) Edition and Enterprise (mISAE Appliance Series) Editions. To compare the features in each edition, see the Comparison of Standard and Enterprise Editions for ISA Server. For More Details Click Here
Secure Remote Access to Internal Microsoft Servers
Feature | Description |
Firewall generated forms for forms-based authentication | ISA Server 2006 can generate the forms used by Outlook Web Access sites for forms-based authentication. This enhances security for remote access to Outlook Web Access sites by preventing unauthenticated users from contacting the Outlook Web Access server. |
Remote access to Terminal Services using SSL | Computers running the Windows Server 2003 operating system support RDP over SSL to allow an SSL connection to Windows Server 2003 Terminal Services. With ISA Server 2006, you can more securely publish Windows Server 2003 Terminal Server using SSL technology. |
Enforce Microsoft Exchange RPC connections from full Microsoft Outlook messaging and collaboration MAPI clients | ISA Server 2006 secure Exchange Server publishing rules give remote users connection to Exchange Server using the fully functional Outlook MAPI client over the Internet. However, the Outlook client must be configured to use secure RPC so that the connection is encrypted. With the ISA Server 2006 RPC policy, you can block all non-encrypted Outlook MAPI client connections. |
Outlook Web Access Publishing Wizard | Clientless remote access through SSL connections form the core of SSL VPNs. The ISA Server 2006 Outlook Web Access Publishing Wizard walks you through creating a firewall rule and creates the Outlook Web Access SSL connection to your Exchange server. All network elements can be created in the wizard, and you never need to leave the wizard to create a policy element. |
SharePoint Server Publishing Wizard | A new wizard publishes multiple Windows SharePoint Services sites simultaneously and provides for automatic link translation. |
Integrated support for Exchange 2007 | Support for the Exchange 2007 feature set is built-in to ISA Server 2006. |
Top Virtual Private Networking (VPN)
Feature | Description |
Branch Office VPN Connectivity Wizard | This wizard automatically configures a site-to-site VPN connection between two separate offices. |
Full integration of VPN with the Microsoft Firewall service | ISA Server 2006 includes a more fully integrated virtual private networking mechanism, which is based on the Windows Server 2003 and Windows 2000 Server functionality. |
Stateful filtering and inspection for VPN | VPN clients are configured as a separate network zone. Therefore, you can create distinct policies for VPN clients. The firewall rule engine discriminately checks requests from VPN clients The engine statefully filters and inspects these requests and dynamically opens connections based on the access policy. |
SecureNAT client support for VPN clients connected to ISA Server 2006 VPN server | ISA Server 2006 expands VPN client support by allowing SecureNAT clients to access the Internet without the Firewall Client installed on the client system. You can also enhance corporate network security by forcing user-based or group-based firewall policy on VPN SecureNAT clients. |
Stateful filtering and inspection for communications moving through a site-to-site VPN tunnel | ISA Server 2006 introduces stateful filtering and inspection for all communications moving through a site-to-site VPN connection. As a result, you can control the resources that specific hosts or networks can access on the opposite side of the link. User-based or group-based access policies can be used to gain granular control over resource use with the link. |
VPN Quarantine | ISA Server 2006 uses Windows Server 2003 VPN quarantine tools for deep VPN client inspection and integration of your firewall policy. |
Publishing VPN servers | ISA Server 2006 server publishing rules can be used to publish IP protocols and PPTP servers. The ISA Server 2006 smart PPTP application filter performs complex connection management. In addition, you can publish the Windows Server 2003 NAT-T L2TP over IPSec VPN server using ISA Server 2006 server publishing. |
IPSec tunnel mode support for site-to-site VPN links | ISA Server 2006 improves site-to-site link support using IPSec tunnel mode as the VPN protocol. IPSec tunnel mode support greatly increases ISA Server 2006 interoperability with a wide array of third-party VPN solutions. |
Top Management
Feature | Description |
Ease of use management features | ISA Server 2006 includes management features that make it easier to improve security of networks by avoiding misconfigurations. User interface features include task panes, context-sensitive Help panes, and a Getting Started Wizard. |
Easy-to-use wizards | New configuration wizards exist for publishing Windows SharePoint Services, Exchange, and general Web sites. A new Branch Office VPN Connectivity Wizard exists for configuring site-to-site VPN connections. |
Export and import of configuration data | ISA Server 2006 provides the ability to export and import configuration information. You can use this feature to save configuration parameters to an .xml file, and then import the information from the file to another server. |
Delegated permissions wizard for firewall administrator roles | The Administration Delegation Wizard helps you assign administrative roles to users and groups. These predefined roles delegate the level of administrative control users have over specified ISA Server 2006 services. |
Centralized logging and reporting | ISA Server 2006 Enterprise Edition logs and reports traffic moving through all members of an enterprise array. There is never a need to collect log file information from each firewall and organize it to create unified report information. |
Centralized storage of firewall policy (Configuration Storage server) | ISA Server 2006 Enterprise Edition uses Active Directory Application Mode (ADAM) for firewall policy storage. ADAM storage enables you to place policy storage containers anywhere in the organization, allowing enhanced flexibility and availability for firewall policy redundancy and facilitated access. |
Enterprise policy | Consistent control over security standards throughout your geographically diverse organization is available by setting security policies at the enterprise level, with application of array-level policy and local policy, as appropriate. |
Automatic array configuration | New servers can be dynamically added to your enterprise and arrays with a simple wizard. ISA Server automatically reads the ADAM database for configuration and policy details. |
ISA Server 2006 Microsoft Operations Manager (MOM) Management Pack | A newly designed MOM Management Pack for ISA Server 2006 enables enterprise-level event monitoring and consolidation of common firewall activities. |
Certificate Management | It is now possible to utilize multiple certificates per Web listener and to use different certificates per array member. ISA Server 2006 is improved to simplify certificate management and reduce the total cost of ownership associated with using certificates when publishing Web sites. |
Extensive SDK | ISA Server 2006 includes a comprehensive SDK for developing tools that build on ISA Server 2006 firewall, caching, and management features. |
Broad vendor support | Independent vendors offer products, such as virus detection, management tools, and content filtering and reporting, that build on and integrate with ISA Server 2006. |
Hardware-based ISA Server appliances | ISA Server 2006 Standard Edition and Enterprise Edition are now available in preconfigured hardware. |
Propagation of enterprise-wide policy | Underlying architecture is improved to provide for more efficiency. |
TopMonitoring and Reporting
Feature | Description |
Real-time monitoring of log entries | With ISA Server 2006, you can view firewall, Web Proxy, and SMTP Message Screener logs in real time. The ISA Server Management snap-in displays the log entries as they are recorded in the firewall's log file. |
Built-in log query facility | You can query the log files using the built-in log query facility. Logs can be queried for information contained in any field recorded in the logs. You can limit the scope of the query to a specific time frame. The results appear in the ISA Server Management snap-in and can be copied to the Clipboard and pasted into another application for more detailed analysis. |
Real-time monitoring and filtering of firewall sessions | With ISA Server 2006, you can view all active connections to the firewall. From a session view, you can sort or disconnect individual or groups of sessions. In addition, you can filter the entries in the session's interface to focus on the sessions of interest using the built-in session filtering facility. |
Connection verifiers | You can verify connectivity by regularly monitoring connections to a specific computer or URL from the ISA Server 2006 computer using connection verifiers. You can configure which method to use to determine connectivity: Ping, TCP connect to a specific port, or HTTP GET. You can select which connection to monitor by specifying an IP address, computer name, or URL. |
Customizing ISA Server 2006 reports | ISA Server 2006 includes an enhanced report customization feature for adding more information in the firewall reports. |
Report publishing | You can configure ISA Server 2006 report jobs to automatically save a copy of a report to a local folder or network file share. The folder or file share the reports are saved in can be mapped to a Web site virtual directory so that other users can view the report. You can also manually publish reports that have not been configured to automatically publish after report creation. |
E-mail notification after report creation | You can configure a report job to send you an e-mail message after a report job is completed. |
Customized time for log summary creation | ISA Server 2006 is designed to create log summaries at 00:30 (12:30 A.M.). Reports are based on information contained in log summaries. You can easily customize the time when log summaries are created with ISA Server 2006. This gives you increased flexibility in determining the time of day reports are created. |
Log to an MSDE database | In addition to .txt files and Microsoft SQL ServerT databases, logs can now be stored in an .mdb file. Logging to a local database enhances query speed and flexibility. |
Enhanced SQL Server logging | You can log to a computer running a SQL Server database located on another computer on the Internal network. ISA Server 2006 SQL Server logging has been optimized to provide much higher performance. |
TopMulti-Networking
Feature | Description |
Multiple network configuration | You can configure one or more networks, each with distinct relationships to other networks. Access policies are defined relative to the networks and not necessarily relative to a specific internal network. ISA Server 2006 extends the firewall and security features to apply to traffic between any networks or network objects. |
Unique per-network policies | The new multi-networking features of ISA Server 2006 enable you to better protect your network against internal and external security threats by limiting communication between clients even within your own organization. Multi-networking functionality supports sophisticated perimeter networks, also known as demilitarized zone (DMZ) or screened subnet scenarios, helping you to configure how clients in different networks access the perimeter network. Access policies between networks can then be based on the unique security zone represented by each network. |
Route and NAT network relationships | You can use ISA Server 2006 to define routing relationships between networks, depending on the type of access and communication required between the networks. In some cases, you may want more secure, less transparent communication between the networks. For these scenarios, you can define a NAT relationship. In other situations, you want to simply route traffic through ISA Server. In these cases, you can define a route relationship. Packets moving between routed networks are fully exposed to ISA Server 2006 stateful filtering and inspection mechanisms. |
Network Load Balancing | NLB provides real-time failover and load balancing of connections made through an ISA Server 2006 Enterprise Edition array. Real-time failover enables high availability for enterprise arrays, while load balancing evenly distributes connections across firewall array servers to prevent network slow downs related to impacted firewalls. |
TopAdvanced Firewall Protection
Feature | Description |
Multi-layer firewall | ISA Server 2006 provides three types of firewall functionality: packet filtering (also called circuit-layer), stateful filtering, and application layer filtering. |
Application layer filtering | ISA Server provides deep content filtering through built-in application filters. |
HTTP filtering on a per-rule basis | ISA Server 2006 HTTP policy allows the firewall to perform deep HTTP stateful inspection (application layer filtering). The extent of the inspection is configured on a per-rule basis. With this capability, you can configure custom constraints for HTTP inbound and outbound access. |
Block access to all executable content | You can configure ISA Server 2006 HTTP policy to block all connection attempts to the Microsoft Windows operating system executable content, regardless of the file extension used on the resource. |
Control HTTP file downloads through file extension | The ISA Server 2006 HTTP policy enables you to define policy based on file extension, including "allow all except a specified group of extensions" or "block all extensions except for a specified group." |
HTTP filtering is applied to all ISA Server 2006 client connections | With the ISA Server 2006 HTTP policy, you can control HTTP access for all ISA Server 2006 client connections. |
Control HTTP access based on "HTTP Signatures" | ISA Server 2006 deep HTTP inspection can help you create "HTTP Signatures" that can be compared to the Request URL, Request headers, Request body, and Response body. This gives you precise control over what content internal and external users can access through the ISA Server 2006 firewall. |
Control allowed HTTP methods | You can control what HTTP methods are allowed through the firewall by setting access controls on user access to various methods. For example, you can limit the HTTP POST method to prevent users from sending data to Web sites using the HTTP POST method. |
Extensive protocol support | ISA Server 2006 gives you control over accessing and using any protocol, including IP-level protocols. Users can then use applications such as Ping and Tracert and can create VPN connections using PPTP. In addition, IPSec traffic can be enabled through ISA Server. |
Support for complex protocols requiring multiple primary connections | Many streaming media and voice or video applications require that the firewall manage complex protocols. ISA Server 2006 can manage these protocols and has an easy-to-use New Protocol Wizard you can use to create protocol definitions. |
Customizable protocol definitions | With ISA Server 2006, you can control the source and destination port number for any protocol for which you create a firewall rule. This gives the ISA Server 2006 firewall administrator a high level of control over what packets are allowed inbound and outbound through the firewall. |
FTP policy | The ISA Server 2006 FTP policy can be configured to let users upload and download through FTP, or you can limit user FTP access to download only. |
Granular control over IP options | With ISA Server 2006, you can configure IP options on a granular basis and only allow the IP options you require while blocking all others. |
Firewall user groups | You can use ISA Server 2006 to create custom firewall groups that are comprised of pre-existing groups in the local accounts database or the Active Directory directory service domain. This increases your flexibility to control access based on user or group membership, because the firewall administrator can create custom security groups from these existing groups. This removes the requirement that the firewall administrator be a domain administrator to create custom security groups for inbound and outbound access control. |
Microsoft Hotmail® Web-based e-mail access through the firewall | ISA Server 2006 improved HTTP filter enables users to access Hotmail through an easy-to-configure firewall rule without the need for special configuration on the client or firewall. |
Network objects | With ISA Server 2006, you can greatly expand your ability to define network objects by creating computers, networks, network sets, address ranges, subnets, computer sets, and domain name sets. These network objects are used to define source and destination settings for firewall rules. |
Firewall Rule wizards | ISA Server 2006 includes a new set of rule wizards that make it easier to create access policy. ISA Server 2006 access policy can be created by a sophisticated firewall rule that you can use to configure any required policy element. You do not need to leave the rule wizard to create a network object. Any network object or relationship can be created within the new wizard. |
Firewall rules represent an ordered list | ISA Server 2006 firewall rules are represented in an ordered list in which connection parameters are first compared to the top listed rule. ISA Server 2006 moves down the list of rules until it finds a rule matching the connection parameters and enforces the matching rule's policy. This approach to firewall policy makes it easier to determine why a specific connection is allowed or denied. |
User-based or group-based access policy | With the ISA Server 2006 enhanced firewall rules, you can define the source and destination for each protocol a user or group is able to access. This greatly increases flexibility for inbound and outbound access control. |
FTP support | ISA Server 2006 gives you access to Internet FTP servers, listening on alternate port numbers without requiring special configuration on the client or ISA Server 2006 firewall. The FTP server publishing on alternate port numbers requires nothing more than a simple FTP server publishing rule. |
Port redirection for FTP server publishing rules | Using ISA Server 2006, you can receive a connection on one port number and redirect the request to a different port number on the published server. |
Flood Resiliency | A new Flood Resiliency feature protects ISA Server 2006 from being permanently unavailable, compromised, or unmanageable during a flooding attack. |
Enhanced remediation during attack | Flood Resiliency provides enhanced remediation during attacks through log throttling, control of memory consumption, and control of pending DNS queries. |
TopAuthentication
Feature | Description |
Authentication | Users can be authenticated using built-in Windows, LDAP, RADIUS, or RSA SecurID authentication. Front-end and back-end configuration has been separated, providing for more flexibility and granularity. Single sign on is supported for authentication to Web sites. Rules can be applied to users or user groups in any namespace. Third-party vendors can use the SDK to extend these built-in authentication mechanisms. |
Firewall client credentials forwarded to the Web proxy service | ISA Server 2006 allows Firewall clients to access the Web cache with the HTTP filter without requiring separate authentication with the Web proxy service. |
RADIUS support for Web Proxy client authentication | With ISA Server 2006, you can authenticate users in Active Directory and other authentication databases by using RADIUS to query Active Directory. Web publishing rules can also use RADIUS to authenticate remote access connections. |
Delegation of Basic authentication | Published Web sites are protected from unauthenticated access by requiring the ISA Server 2006 firewall to authenticate the user before the connection is forwarded to the published Web site. This prevents exploits from unauthenticated users from reaching the published Web server. |
SecurID authentication for Web Proxy clients | ISA Server 2006 can authenticate remote connections using SecurID two-factor authentication. This provides a high level of authentication security because a user must know something and have something to gain access to the published Web server. |
Single sign on | Single sign on allows users to access a group of published Web sites without being required to authenticate with each Web site. |
Forms-based authentication | Forms-based authentication is now available for all published Web sites, and not just for Outlook Web Access. |
Session management | ISA Server 2006 includes improved control of cookie-based sessions to provide for better security. |
Support for LDAP authentication | LDAP authentication allows ISA Server to authenticate to Active Directory without being a member of the domain. |
TopServer Publishing
Feature | Description |
Secure Web publishing | With ISA Server, you can place servers behind the firewall, either on the corporate network or on a perimeter network, and publish their services. With the improved secure Web Publishing Wizard, you can create a rule that lets users have SSL remote access to published Web servers. |
Path mapping for Web publishing rules | ISA Server 2006 allows Firewall clients to access the Web cache with the HTTP filter without requiring separate authentication with the Web proxy service. |
Preservation of source IP address in Web publishing rules | ISA Server 2006 gives you a choice on a per-rule basis whether the firewall should replace the original IP address with its own or forward the original IP address of the remote client to the Web server. |
Link translation | Some published Web sites may include references to internal names of computers. Because only the ISA Server 2006 firewall and external namespace, and not the internal network namespace, are available to external clients, these references appear as broken links. ISA Server 2006 includes a link translation feature that you can use to create a dictionary of definitions for internal computer names that map to publicly known names. ISA Server 2006 implements link translation automatically during Web publishing. |
Cross-Array Link Translation | This feature allows links in Web content containing an internal server name to be translated to the public name even if the Web content is published in a different array. |
SSL bridging support | To guard against embedded attacks in HTTP traffic, SSL bridging allows SSL protected packets to be decrypted by ISA Server 2006, inspected, and re-encrypted. |
TopPerformance
Feature | Description |
Cache rules | With the centralized cache rule mechanism of ISA Server, you can configure how objects stored in the cache are retrieved and served from the cache. |
BITS caching | ISA Server 2006 provides the caching mechanism for data received through BITS. Any cache rule that you create can be enabled to cache BITS data. |
CARP-enabled Web caching arrays | ISA Server 2006 Enterprise Edition Cache Array Routing Protocol (CARP)-enabled Web caching arrays significantly extend the bandwidth saving and performance-enhancing Web cache included in all versions of ISA Server 2006. Web caching arrays provide load balancing and failover for Web access from any Web browser. |
Web Publishing Load Balancing | ISA Server 2006 will automatically balance the request stream coming from a remote user to an array of published servers. |
HTTP compression | HTTP compression reduces file size by using algorithms to eliminate redundant data during transmission of HTTP packets. |
Diffserv (Quality of Service) | ISA Server 2006 includes a new packet prioritization functionality (provided by the Diffserv Web filter), which scans the URL or domain and assigns a packet priority using Diffserv bits. |
Copyright © 2024 Iron Networks, Inc. All Rights Reserved.