I recently was discussing via email with a co-worker about an interesting issue he had with SurfControl for ISA. He setup publishing of OWA with Forms Based Authentication enabled on ISA, and all was working well. After about a month, SurfControl for ISA was installed, and since that time, OWA stopped working, although if ISA were bypassed, it worked fine. The FBA webform would not display if going through ISA.
Eventually, he found that if he went to the Add-In node in ISA Management -> Web filters, and changed the order moving the SurfControl Web Filter to be after the Forms Based Authentication Filter, it worked fine. He contacted SurfControl Technical Support, and they gave him the green light for this solution.
But to me, this didn't make much sense, and it brought up something I'm not quite clear on, and can't find much information about. What is the point of changing the order of the web filters. Obviously, it's there for a reason, since ISA allows you to do this, but under what scenarios would you want to change the order and why?
Also, in this case, I thought it would make much more sense to remove the SurfControl Web Filter from the OWA publishing rule. Why have additional filters on a rule if they're causing problems?
Just looking for thoughts from peers knowledgeable in ISA about this.
Thanks in advance, and sorry if this isn't posted in a more appropriate category. It involves so many of the broad topic categories...