TABLE OF CONTENTS The ISA firewall is able to perform both stateful filtering and stateful application layer inspection. The ISA firewall s stateful filtering feature set makes the ISA firewall a network layer stateful firewall in the same class as any hardware firewall that performs stateful filtering at the network and transport layers. Stateful filtering is often referred to as stateful packet inspection, which is a bit of a misnomer because packets are layer 3 entities and in order to assess connection state, layer 4 information must be assessed.
However, in contrast to traditional packet filter based stateful hardware firewalls, the ISA firewall is able to perform stateful application layer inspection. Stateful application layer inspection enables the ISA firewall to fully inspect the communication streams passed by the ISA firewall from one Network to another. In contrast to stateful filtering where only the network and transport layer information is filtered, true stateful inspection requires that the firewall be able to analyze and make decisions on all layers of the communication, including the most important layer, the application layer.
In this chapter we will discuss the following:
Application Filter
Web Filters
The Web filters perform stateful application layer inspection on communications handled by the ISA firewall s Web Proxy components. The Web Proxy handles connections for HTTP, HTTPS (SSL), and HTTP tunneled FTP connections. The Web filters take apart the HTTP communications and expose them to the ISA firewall s application layer inspection mechanisms, examples of which include the HTTP Security filter and the OWA...
