Setting up a test environment. Have an Exchange 2003 server on the internal network. Have a Watchguard internet firewall and a uni-homed ISA server in the DMZ of the firewall. Have set up the ISA server as an SMTP smart host & relay successfully (mail flows in both directions).

Next step is to get OWA access to the Exchange working through the ISA server. I've created the correct HTTP firewall rules on the Watchguard, just as I did for SMTP. The Watchguard firewall log shows the HTTP traffic as being allowed in. (I know I should use SSL - that will be the next step once this works.) I have used the mail server publishing wizard on the ISA server and set up the rule and told it to listen for all networks.

It appears to me that the ISA server never "hears" the HTTP traffic coming in and it dies right there. I know this because I set the Watchguard to also log HTTP traffic allows from the DMZ to the internal network, and I never see such an allow log entry. I can get to Exchange OWA from the internal and DMZ networks just fine; it just doesn't work from the outside.

They need to keep their existing hardware firewall and I had previously set up a Linux server in the DMZ to act as a mail relay/bastion host. I thought replacing the Linux server with ISA would be an improvement and add the ability to publish OWA securely, and add RPC over HTTP access and OMA for remote users.