In this chapter, we discussed a number of ways to use Web and server publishing rules. Both Web and server publishing rules allow you to make resources on the internal network available to clients on the Internet. Web and server publishing rules can be used to publish resources on the internal network, on a traditional DMZ, or on a private address LAT-based DMZ segment.

Server publishing rules allow you to publish almost any protocol. This is the primary advantage of server publishing over Web publishing. The server publishing rule essentially performs a reverse NAT function. The ISA server does not replace the source IP address on the packet unless you implement the changes noted in Microsoft KB article Q311777. An important consideration when implementing server publishing rules is that you need to avoid port contention on the external interface. No two services can listen on the same port on the same IP address on the external interface of the ISA server. For this reason, you typically need to disable the IIS services on the ISA server. You can also use server publishing rules to publish Web sites. The most common reason for doing this is so that the original client IP address appears in the Web server's log files.

Web publishing rules allow you to publish Web and FTP sites. Web publishing rules are handled by the Web Proxy service. The Web Proxy service is able to examine the application-layer data and make decisions on how to handle...