ISA Server is also a multilayered firewall. Multilayered means that ISA Server provides firewall protection from the IP packet level to the application level. For example, the ISA Server firewall can examine individual IP packets before they enter the firewall, and determine whether the packets are allowed inside of the private network. Using IP filtering, ISA Server can examine packets and identify a number of Denial of Service (DoS) intrusion methods and drop those packets at the firewall before they are allowed to enter.
Aside from packet filtering, ISA Server can also refuse service for certain protocols, Internet sites, or even certain types of content. For example, let's say that you do not want any users on your network using the Internet Relay Chat (IRC) protocol during work hours. You can create a rule that refuses that protocol so that no clients can use it. In the same manner, let's say that you do not want any clients using streaming media. You can create a content rule that refuses that type of content. Whatever your security or management needs, you can easily control them. At the application level, ISA Server also provides application filters that can provide "stateful" inspection of datagrams. These application filters can examine IP traffic in the context of its application and determine whether the traffic is allowed. For example, the H.323 filter allows the use of the H.323 protocol for voice, data, and application-sharing applications, such as Microsoft NetMeeting.
The ISA Server also supports levels of system hardening, in which you can allow ISA Server to provide firewall functionality while providing other network services to clients, or you can choose a dedicated approach in which ISA Server functions only as a firewall and does not run any applications or network services. The choices are users, and the versatility of ISA Server makes it easy for you to deploy and configure it in a way that meets your network security and management needs.