Key difference between ISA Server 2004 and ISA Server 2006

Posted on January 7, 2009 by Daniel Petri in Networking with 0 Comments

ISA Server 2000 was Microsoft’s first attempt at a commercial and full-featured Firewall + Proxy server product, offering features not found in its predecessor, Proxy Server 2.0, nor in most of the third party commercial firewall products at that time and in its price class.

A few years later, and after several Service Packs and updates, Microsoft released ISA 2004. It was the first major overhaul of ISA Server since its introduction in 2000, and had attempted to close the gap and missing features that were lacking in the original product. ISA added improvements in these key areas:

  • Better and more advanced protection
  • Ease of use and a (very, very needed) improved management interface
  • High performance
  • Better network integration

Next came Microsoft ISA 2006, which included all the ISA 2004 SP2 features and capabilities, plus a bunch of new features missing from its predecessor.

Many times I get questions from my students, asking me to describe the benefits of ISA 2006 when compared to ISA 2004. You see, Microsoft has developed an official MOC (MOC stands for Microsoft Official Curriculum) for ISA 2004, but for some mysterious reason unknown to us, have neglected to develop a similar MOC for ISA 2006. Furthermore, many ISA firewall admins who are currently running ISA Server 2000 or 2004 will want to know why they should upgrade to ISA Server 2006.

Here is a list of some of the new key features available in ISA Server 2006:

  • Share Point Portal Server Publishing wizard – ISA 2006 is designed to provide secure remote access to Share Point Portal Servers.
  • Full support for Exchange Server 2007 – ISA 2006 Exchange Server Web Publishing Wizard includes a number of improvements that makes publishing Exchange easier than ever.
  • Forms-based Authentication – ISA 2006 allows you to use forms-based authentication for any type of Web publishing scenario.
  • Single Sign-on – If multiple Web sites belong to the same domain, and are published by the same Web listener, then users will not be required to reauthenticate and cached credentials are used.
  • Branch office VPN connectivity Wizard – ISA 2006 now has a branch office deployment wizard, that enables the administrator to create a simple answer file that allows a non-technical user to plug a branch office ISA firewall device and run the answer file from a simple link.
  • Enhanced Delegation of Authentication support – ISA 2006 enhances support for authentication delegation by enabling credentials to be delegated as Kerberos, Integrated, Negotiate or basic.
  • Flood Resiliency – ISA 2006 includes built in mechanism to prevent exhaustion of non-paged pool memory so that even when under heavy denial of service type worm or DNS flood attacks, the ISA 2006 firewall will be able to stand up.
  • Enhanced remediation during attack – ISA 2006 has updated stateful packet inspection and IDS/IPS functionality.
  • Support for LDAP authentication – This means that an ISA Server 2006 can authenticate to an Active Directory without needing to be a member of the domain).
  • BITS caching – ISA Server 2006 provides the caching mechanism for data received through BITS. Any cache rule that you create can be enabled to cache BITS data).
  • Web Publishing load balancing – ISA 2006 automatically balances request streams among ISA array members.
  • Support for wildcard certificates on the published Web Server – ISA 2006 allows the use a wildcard certificate on the published Web server.
  • Ability to assign multiple certificates to a single Web listener – ISA 2006 lets you bind multiple certificates to the same Web listener and assign that Web listener to multiple Web Publishing Rules
  • HTTP compression – ISA 2006 performs HTTP compression that reduces file size by using algorithms to eliminate redundant data during transmission of HTTP packets.
  • Quality of Service – A new packet prioritization functionality is incorporated into ISA 2006, which scans the URL or domain and assigns a packet priority using Diffserv bits.
  • Integrated support for Password changes on logon form – ISA 2006 adds the ability for a user to change his password right in the log on form with no special configuration.
  • Improved Alerting – ISA 2006 adds a number of new alerts that help information the ISA administrator of configuration issues, certificate issue, security issues, and threat triggers.


Why ISA 2006 is a Better Solution than ISA 2000 and 2004

Related Articles

Recent Networking Forum threads

Got a question? Post it on our Windows Networking Forums!