If you know the protocol (TCP, UDP, etc.) and the port number(s) from the logs, then create a custom protocol definition if you recognize the traffic: right-click on Firewall Policy > View > Task Pane > in the task pane on the right, go to Toolbox > Protocols > New menu > Protocol. (If you don't recognize the traffic, then avoid mis-identifying the protocol; just leave it as "Unidentified" in the logs.) Now ISA can match that traffic to the protocol definition, and the protocol name appears in the logs.
To identify the unknown applications, you'll have to install the ISA Firewall Client software on your users' machines, since no other client type reports process names to the ISA box except for the Firewall Client software.
Hi, I have installed ISA 2004 in the test environment. I have installed Message Screener and IIS on the same box. I have created all the appropriate rules. I am generating some SMTP traffic but cannot see the log file (EML.W3C) in the logs folder. I can see these logs in the firewall logs as denied packets. Can anybody tell me where I am wrong?