I've got ISA 2004 w/SP2 installed in single NIC mode to allow authentication/proxy/reporting. We do not use the full firewall capability because we have another corporate firewall in place. Since this ISA has been in place (8 mos), we have noticed a slowdown in general web surfing. Also, there are some websites which do not come up: they just sit there trying to load, but never fully resolve, or some of the graphics do not appear. Bypassing the ISA 2004 server and going out through the firewall results in no slowdown, and the specific sites work and resolve fully.
We have 4 firewall policy rules:
1. Filtering software (allow) (new protocol we created), (local host), (all networks and local host), (all users)
2. filtering software admin (allow) (another new protocol we created), (internal), (local host), (all users)
3. web access (allow) (ftp, HTTP, HTTPS), (internal), (all networks and local host), (all authenticated users)
4. last default rule (deny) (all traffic), (all networks), (all networks and local host), (all users)
For NETWORKS, since we are unihomed, the only active network is INTERNAL. It has address ranges: 10.0.0.0-10.255.255.255, 0.0.0.1-22.214.171.124, 126.96.36.199-188.8.131.52, 240.0.0.0-255.255.255.254. Our internal network is represented by the 10.0.x.x range.
Properties for INTERNAL network:
ADDRESSES: IP ranges listed as above
DOMAINS: nothing listed
WEB BROWSER: nothing listed
AUTO DISCOVERY: nothing listed
FIREWALL CLIENT: (unchecked)
WEB PROXY: enable web proxy client checked, enable HTTP checked with 8080 listed in port box. Authentication method is INTEGRATED, BASIC and "require all users to authenticate" is UNCHECKED.
Anyone care to look this over and see if I have a mistake anywhere? We are starting to think about dumping the ISA server because of the slowness and timeouts, but I still like the reporting features. I also have access to ISAINFO and can post/email a log if needed.