Standard Edition
Microsoft® Internet Security and Acceleration Server 2004 is the advanced
application-layer firewall, VPN, and Web cache solution that enables customers to
easily maximize existing IT investments by improving network security and
performance.
A member of the Microsoft
Windows Server System™,
Microsoft Internet Security and
Acceleration Server 2004 is a
highly secure, easy to use , cost-
effective solution that helps IT
professionals combat new and
emerging threats.
www.microsoft.com/isaserver
Microsoft Internet Security and
Acceleration (ISA) Server 2004
provides advanced protection, ease
of use, and fast and secure access
for all types of networks.
What’s New in ISA Server 2004
ISA Server 2004 contains a full-
featured, application-layer-aware
firewall that protects organizations
of all sizes from attack by both
external and internal threats.
ISA Server 2004 performs deep
inspection of Internet protocols such
as HTTP enabling it to catch many
threats that traditional firewalls
cannot detect.
ISA Server 2004 provides unique
levels of protection for Microsoft
Outlook Web Access, including:
• Pre-Authentication which
prevents anonymous user logins,
a key attack vector.
• HTTP Filtering that provides
deep inspection of application
content.
• A Web publishing rule that
enforces secure forms-based
authentication.
• Secure Sockets Layer decryp-
tion, enabling SSL traffic to be
inspected for malicious code.
• Multifactor authentication,
providing authentication whether
the remote mail scenarios use
Remote Authentication Dial-In
User Service (RADIUS) or RSA
SecurID.
• Attachment blocking and
session timeout so that users’
email sessions cannot be left
open indefinitely for others to use.
The integrated firewall and Virtual
Private Network (VPN) architecture
of ISA Server 2004 support stateful
filtering and inspection of all VPN
traffic and provide VPN client inspec-
tion for Windows Server 2003-based
quarantine solutions, helping to
protect networks from attacks that
enter through a VPN connection.
In addition, a completely new user
interface, wizards, templates, and a
host of management tools simplify
setup, deployment, and management,
helping administrators avoid common
security configuration errors.
Advanced Protection
The application-layer security built
into ISA Server 2004 is particularly
well suited for protecting networks
that are running Microsoft applica-
tions, such as Internet Information
Server, Office SharePoint® Portal
Server, Routing and Remote
Access Server, Active Directory®
directory service, and others. Key
capabilities include:
• Multi-layer inspection provides
comprehensive and flexible policies
 to control application-specific
traffic with application, command,
and data-aware filters. By intelli-
gently filtering VPN, HTTP, FTP,
SMTP, POP3, DNS, H.323 confer-
encing, streaming media, and
RPC traffic, ISA Server 2004 can
accept, reject, redirect, and modify
traffic based on its contents.
• Advanced application layer
filtering helps protect user
information by performing deep
HTTP stateful inspection, with the
extent of the inspection configured
on a per-rule basis. This approach
enables administrators to config-
ure custom constraints for both
inbound and outbound access.
• Unified firewall and VPN policy
management, deep content
inspection, and VPN quarantine
integration make it easier to
secure inbound traffic and protect
your network from inside attacks
through VPN client access control.
• Integrated multi-networking
capabilities, network templates,
and stateful routing and
inspection capabilities enable
you to deploy ISA Server 2004
into existing IT environments as
an edge, departmental, or branch
office firewall without changing
your network architecture.
Easy to Use
An all-new user interface and sim-
plified management tools provide
unified VPN and firewall manage-
ment through a robust visual policy
editor. ISA Server 2004 also comes
with intuitive network templates,
automated wizards, and enhanced
troubleshooting tools. Together, these
ease-of-use features can lower the
cost of ownership and help you avoid
security configuration errors. With
ISA Server 2004, you can:
• Shorten ramp-up time for new
security administrators with
easy-to-use management tools
that will help prevent security
breaches due to firewall
misconfiguration.
• Minimize network access down-
time by enabling administrators to
securely and remotely manage
firewall and Web cache services.
• More easily secure corporate
applications, users, and data
because ISA Server 2004
integrates with Windows Active
Directory, third-party VPN
solutions, and other infrastructure
components.
• Easily obtain support and
information from the thriving
community of partners, users, and
Web resources that support
ISA Server 2004.
Fast and Secure Access
ISA Server 2004 enables you to
connect users to relevant informa-
tion on your network in a high-speed
and cost-effective manner. With ISA
Server 2004, you can:
• Provide fast, secure, anywhere/
anytime access to corporate
applications and data, such as
e-mail, calendar, and contact
information stored on Microsoft
Exchange Server.
• Establish a safe, reliable, and
high performance infrastructure
for both inbound and outbound
Internet data access.
• Offer users the convenience of
a single sign-on, with multiple
Internet-standard authentication
mechanisms to verify user identity.
• Further enhance security with
an integrated, single-server solu-
tion that puts only the necessary
services—such as firewall
security, VPN, and Web cache—
at the edge of the network.
• Scale out your security infra-
structure as your networking
needs grow by taking advantage
of the flexible, multi-network
architecture of ISA Server 2004.
• Enhance network performance
and reduce bandwidth costs by
using Web caching in corporate
data centers and branch offices.
Ideal for Businesses of All Sizes
Through its integrated firewall, VPN,
and caching solution, ISA Server
2004 offers small and medium-sized
businesses a great way to leverage
their investment in Microsoft tech-
nology. Typically, these businesses
have few IT resources. ISA Server
enables them to meet their network
security and business needs in a
cost-effective manner.
For large enterprises, ISA Server
2004 helps protect and extend their
investment in Microsoft technology.
ISA Server 2004 is also well suited
for branch offices, enabling compa-
nies to save money by using a single
configuration and management
point for security and connectivity.
A Flexible Solution
ISA Server 2004 is designed to
meet customer demand for a single,
integrated solution that is flexible
enough to be used in a variety of
scenarios. Possible uses include:
• Enabling employees outside the
network to access their corporate
e-mail and data, as well as
controlled areas of the corporate
network
• Enabling partners to access only
selected information within the
corporate network
• Enabling branch offices to
communicate with the main office
or each other in a secure and
cost-effective manner
• Controlling and monitoring
employee Internet browsing
• Boosting network performance
through caching
• Protecting employee desktops
from malicious traffic on the
Internet
Product Highlights
Feature
Guard sensitive corporate applications and data
Multilayered content inspection
Integration with diverse
applications
Integrated VPN functionality
Comprehensive authentication
mechanisms
Easily manage network security policies and firewall configuration
Multinetworking capabilities and
templates
Unified firewall and VPN
management interface
Enhanced troubleshooting
Speed access and improve efficiency
Enhanced firewall architecture
Faster, lower-cost Internet access
Benefit
Includes an advanced application-aware firewall to help protect IT assets against hackers and viruses and
block undesirable traffic, while enabling complex application traffic to travel over the Internet.
Provides users with faster, more secure access to applications and services, including Microsoft Exchange
Server and Microsoft Internet Information Services.
Helps secure inbound traffic and protect your network from inside attacks. Built-in IPSec tunnel mode
support enables you to easily connect site-to-site VPNs .
Authenticate network users through built-in Windows or RADIUS namespaces, using a variety of
credentialing mechanisms, including RSA SecurID.
Enable you to quickly deploy ISA Server 2004 into your existing IT environment as an edge, departmental,
or branch office firewall—without changing your network topology.
Provides easy-to-use management tools, including an enhanced visual policy editor, to shorten the learning
curve and minimize security breaches that can occur due to misconfiguration.
Includes a new monitoring dashboard with real-time log viewer, enabling you to quickly view summarized
firewall status information or drill down into the details.
Increases network efficiency by enabling authorized traffic to pass through the firewall faster. Both the
application-layer filtering and the ability to centrally configure cached object storage and retrieval policies
improve network performance.
Improves user productivity and saves on bandwidth costs by using the ISA Server Web cache to serve
content locally.

Microsoft Internet Security and Acceleration Server 2004

Standard Edition Feature Details
Feature Benefit
Multinetwork support
Multiple- You can configure one or more networks, each with distinct relationships to the others, and can define
New network access policies for each network. ISA Server 2004 will inspect traffic between any defined networks.
configurati
on
Unique You can protect your network against internal and external security threats by limiting communication
New per- between clients—ev en within your own organization.
network
policies
Stateful ISA Server 2004 examines data crossing the firewall in the context of its protocol and the state of the
New
inspection connection, no matter what its source or destination.
of all traffic
Routed ISA Server 2004 defines relationships between networks, depending on the type of access and
and communication allowed between them.
network
New address
translation
(NAT)
relationshi
ps
New Network ISA Server includes five network templates that correspond to common network topologies. Once you use
templates one of the templates to configure the firewall policy, ISA Server will automatically create the necessary
rules and network relationships.
Virtual Private Networking
Improved VPN ISA Server 2004 includes fully integrated VPN capabilities, based on Windows Server 2003 Routing and
Administrat Remote Access Server. ISA Server 2004 can assign IP addresses to VPN clients connecting to the
ion network and can apply policy on all remote traffic.

Security ISA Server 2004 enables you to configure VPN clients as a separate network and create distinct access
policies policies for each VPN client. The rules engine uses the access policy to check requests from VPN clients,
New
and statefully inspect these requests, and dynamically open connections between the VPN clients and the
stateful network.
inspection
for VPN

Interoperability with third- Support for the industry-standard IPSec protocol means that ISA Server 2004 can plug into
New
party VPN solutions environments with VPN infrastructures from other vendors, including infrastructures employing IPSec
tunnel mode configurations for site-to-site connections
Security Infrastructure
Improved Application filtering ISA Server 2004 enables you to choose from a variety of new application filtering capabilities and server
publishing scenarios. One new filtering capability, enhanced HTTP filtering, is specifically designed for
Exchange Server, Outlook Web Access, and Internet Information Server.
New Extensive protocol support You can use dozens of predefined protocols to integrate ISA Server 2004 with major Internet
applications. ISA Server 2004 enables you to control access to any protocol and usage of any protocol,
including IP-level protocols and IPSec traffic.
Improved Authentication You can authenticate users using built-in Windows, RADIUS, or RSA SecurID authentication types or
mechanisms namespaces, applying rules to users or user groups in any namespace.
Improved Simplified policy model ISA Server 2004 now uses a single ordered rules engine that provides detailed mechanisms for
managing traffic and enforcing policy. Using this rules engine, administrators can control network and
Internet access by user, group, application, content type, schedule, and destination.
Dynamic packet filtering ISA Server 2004 reduces the risk of external attacks by opening ports only when needed.
Improved Smart application filters Data-aware filters that block only certain types of content enable you to control application-specific
traffic, such as e-mail and streaming media.
Improved Updated firewall client The ISA Server 2004 firewall client enables you to integrate authentication, automatic web proxy
configuration, and role-based security using group policies. Other key enhancements include better
connectivity for complex protocols, multi-user account support, and encrypted communications.
Transparency for all clients ISA Server is compatible with clients and application servers on all platforms, including both NAT and
SecureNAT clients, with no client software required.
Improved Publishing ISA Server 2004 enables you to place servers behind the firewall, either on the corporate network or on
a perimeter network, and securely publish their services to the Internet.
Link translation The link translation functionality in ISA Server 2004 allows for intelligent translation of internal links into
publicly accessible sites.
Cache
Improved Cache rules A centralized mechanism for cache policy rules enables you to configure how objects stored in cache
are retrieved and served.
Efficient content You can improve response times and cut bandwidth costs by distributing and caching Web sites and
distribution e-commerce applications locally, so as to bring Web content closer to users.
High-performance Web Web caching provides users with accelerated Web access and saves network bandwidth.
cache
Smart caching You can proactively cache popular objects to ensure the freshest content for each user. You can also
preload the cache with entire Web sites on a defined schedule.
Management
Improved Management New management features make it easier to secure your networks. ISA Server 2004 also offers new
user interface features, such as task panes, help panes, and a new look for the firewall policy editor,
including drag-and-drop capabilities.
New Export and import ISA Server 2004 introduces the ability to export and import configuration information between ISA
Server computers through an XML file, enabling you to easily replicate firewall configurations for multi-
 site deployment.
New Dashboard A single view presents a summarized version of key monitoring information. If you note a problem, you
can easily drill down into other monitoring viewers for more information.
New Log viewer A log viewer lets you display the firewall logs in real time—either in an online real-time mode or in a
historic review mode. You can also apply filtering to log fields to identify specific entries.
Improved Built-in reporting You can run scheduled standard reports on Web usage, application usage, network traffic patterns, and
security.
Specifications
To use Microsoft Internet
Security and Acceleration
Server 2004 Standard Edition,
you need:
• PC with a 550 MHz Pentium III or
higher processor (ISA Server 2004
Standard Edition supports up to four
CPUs on one server)
• Microsoft Windows® 2000 Server or
Advanced Server with Service Pack 4
or later, Windows 2000 Datacenter
Server or Windows Server 2003
Standard Edition or Enterprise Edition
• 256 MB of RAM or more
(recommended)
• NTFS-formatted local partition with 150
MB of available hard-disk space;
additional space required for Web
cache content
• Network adapter that is compatible with
the computer's operating system for
communication with the internal
network; one additional network
adapter, modem, or ISDN adapter for
each additional network connected to
the ISA Server computer
• CD-ROM or DVD-ROM drive
• VGA or higher-resolution monitor
• Keyboard and Microsoft Mouse or
compatible pointing device
Notes:
If you install ISA Server 2004 Standard
Edition on a Windows 2000 Server
operating system, you must install the
following: Windows 2000 Service Pack 4
or later and Internet Explorer 6 or later.
If you are using the Windows 2000 Server
or Advanced Server release that also
installs Service Pack 4, you must install
the hot fix specified in article 821887 in
the Microsoft Knowledge Base.
Microsoft recommends that all customers
deploy current security implementation
best practices as outlined at
www.microsoft.com/security . Additional
hot fixes may be recommended.
Actual system requirements will vary
based on your deployment configuration,
expected load, and the features you
choose to install.

For more information about Microsoft Internet Security and Acceleration Server 2004, visit http://www.microsoft.com/isaserver .

TO ORDER:
To order Microsoft Internet Security and Acceleration Server 2004 , or to receive a reseller referral in the United States or Canada, call (800) 621-7930, Dept.
A334DS. Outside the United States and Canada, please contact your local Microsoft subsidiary. Customers who are deaf or hard-of-hearing can reach
Microsoft text telephone (TTY/TDD) services by calling (800) 892-5234 in the United States or (905) 568-9641 in Canada.

© 2004 Microsoft Corporation. All rights reserved. This data sheet is f or informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS
SUMMARY.
Microsoft, Active Directory, Outlook, SharePoint, Windows, and Windows Server System are either registered trademarks or trademarks of Microsoft Corporation in the United States
and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.