Isa server should change totally like a new models car.there should be more security.it should have its own personal firewall.lots of third party addons should be in it.real time monitoring is needed in it.cache should be little more advance and custom.isa should also be based on mac address based like client set address.application restriction like we restrict user by adding application name in FW should be more advance like it should be individually base.in this way we can restrict selected users.cache should be removeable by selecting different things from it.scheduled contant should b more filtered so we if we dont want giff images to download or its exe files or something like that.extension part should be more gui and programmable.software routing should b in it.its event viewer or log file viewer is not as good as win 2000 or win 2003 they should really work on it.thats it microsofttttttttt.
there should be a cache montor.i mean how much space is available and how much is been used.a band width controller per user or per ip is needed in it.in short we dont wanna use thirt part add ons any more.
there is ALOT of things i think isa server needs. to begin with, bandwidth monitor and limitations, both quota based and bandwidth speed based. per user, per ip, per everything! lol also support for multiple internal and external interfaces. but i think that is already under way for isa 2004. in short, i don't consider isa server a high end firewall, it's more of a backend high end proxy server with firewall features and maybe some user management. good for Windows domains. currently i'm also lookin at checkpoint and symantec enterprise firewall 8.0, although i think isa will always have a place in my network, it won't be number one for a long time to come.
If you need a high speed packet filter, then pix or checkpoint is what you need.
ISA does support multiple external interfaces, and if you want to pay for the software add-ons, you'll still pay less then you would pay for a comparable firewall of another brand.
I never had understood how people could trust a simple packet filter like a pix, and think they had any level of protection or access control. No wonder some many networks get hacked on a regular basis!