Release: Microsoft ISA Server 2006 and Best Practices Analyzer

After a very short beta program Microsoft silently published the new version of its enterprise firewall: ISA Server 2006 (both Standard and Enteprise version).

Below the list of new features:

• Increase security and deployment flexibility for Web application servers through enhanced multifactor authentication (smartcards, one-time passwords), flexible integration with Active Directory (Lightweight Directory Access Protocol), and customizable forms-based authentication for almost any Web application and client device


• Easily integrate ISA Server with your existing authentication infrastructure through enhanced authentication delegation (including NTLM, Kerberos, and SecurID), and gain more access control with improved session management that detects non-user traffic through automatic idle-based timeouts


• Maintain secure branch office infrastructure using Background Intelligent Transfer Service (BITS) caching to accelerate the deployment of software updates and keep remote computers protected


• Help defend your network with enhanced flood resiliency features for event handling and monitoring that provide better resistance to denial-of-service (DoS) and distributed-denial-of-service (DDoS) attacks


• Mitigate the effects infected machines have on your network with enhanced worm resiliency through simplified client IP alert pooling and connection quotas


• Enhanced attack remediation through comprehensive alert triggers and responses can quickly notify administrators of network problems


• Simplify the process of securely publishing Exchange, Windows SharePoint Services, and other Web servers with automated wizards for multiple sites and enhanced certificate administration to avoid configuration errors


• Web publishing load balancing makes it easy to deploy entire farms of Web servers behind ISA Server deployments using session- and IP-based affinity with automatic out-of-service detection


• Easily deploy and configure ISA Servers in branch offices by using answer files on removable media for unattended installation and with automated virtual private network (VPN) wizards to streamline connectivity


• Manage remote ISA Servers more effectively with faster propagation of enterprise policies, reduced server requirements, and low-bandwidth optimizations


• Log throttling and control of memory consumption and pending Domain Name System (DNS) queries provides enhanced resource control


• Unify management and monitoring across your ISA Server infrastructure with the Management Pack for Operations Manager 2005, and use enterprise- and array-level policies to easily control security and access rules across your organization


• Enable a smoother user experience for published Web applications, document libraries, and content through single sign on and comprehensive link translation to help ensure secure and consistent access


• Improve Web page load times and reduce WAN costs for users in branch offices with HTTP traffic compression and caching


• Help ensure that the highest priority applications get precedence over other network traffic through DiffServ IP settings, providing better bandwidth utilization and response times for critical Web resources

As I said before and as you can everybody can notice, despite the name, this release is everything but a major update.

The new version has been submitted to Common Criteria aiming to obtain EAL4+ certification, like ISA Server 2004 already did.

The Tracking Microsoft ISA Server versions post has been updated accordingly.


At the same time Microsoft also updated the ISA Server Best Practices Analyzer, a tool able to scan system and firewall installation and report typical misconfiguration issues.
The tool is good for a very superficial analysis of installation but don't hope it can help finding firewall configuration errors (like rules order, objects definitions, etc.).

Download it here.


Now the product is out we can finally concentrate on the ISA Server 2007 (tentative name) release, which is planned for H2 2007 and expected to be much more competitive than actual version, built on the new Windows codename Longhorn stack, having missing enterprise-class features and incorporating SSL VPN capabilities obtained by Whale Communications acquisition.