TABLE OF CONTENTS The ISA firewall s Access Policy (also known as firewall policy) includes Web Publishing Rules, Server Publishing Rules and Access Rules. Web Publishing Rules and Server Publishing Rules are used to allow inbound access and Access Rules are used to control outbound access.
The concepts of inbound and outbound access are somewhat more confusing with the new ISA firewall, when compared to their interpretations in ISA Server 2000. The reason for this is that ISA Server 2000 was Local Address Table (LAT) based. The definitions of inbound and outbound access were relative to the LAT. Inbound access was defined as incoming connections from non-LAT hosts to LAT hosts (external to internal). In contrast, the new ISA firewall does not have a LAT and there is not a comparable concept of an internal network in the same way that there was an internal network defined by the LAT in ISA Server 2000.
In general, you should use Web Publishing Rules and Server Publishing Rules when you want to allow connections from hosts that are not located on an ISA firewall Protected Network to a host on an ISA firewall Protected Network. Access Rules are used to control access between any two networks. The only limitation is that you cannot create Access Rules to control access between networks that have a Network Address Translation (NAT) relationship when the initiating host is on the non-NATed site of the relationship.
For example, suppose you have a NAT relationship between the default Internal Network and...
