ISA Sequential Rule Processing

Sequential processing got me this week when I was configuring a rule in ISA to allow outbound traffic on TCP port 3000. Traffic kept getting blocked, but I didn’t know why. The rule configuration was correct. After putting a monitor in place, I noticed that the traffic was getting blocked by a rule that was higher up in the rule list. This rule was configured with the same destination IP and port number. The gotcha is that ISA matches traffic to the first access rule that applies, processing the rules in order from top to bottom. If two rules happen to define the same destination IP and port, the first one is the only one that ever gets processed. ISA considers the first a “match” and never proceeds to evaluate subsequent rules.
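To make the first-match behaviour concrete, here is an added example (my own toy model, not ISA code) that evaluates an ordered rule list top to bottom and flags rules that can never fire because an earlier rule already covers the same traffic. The rule names, addresses and the `*` wildcard are constructed for the example; real ISA rules match on richer elements (networks, protocol definitions, users), but the ordering logic is the same.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "deny"
    protocol: str    # "TCP", "UDP" or "*" (any)
    dest_ip: str     # exact address or "*" (any), constructed simplification
    dest_port: str   # port number as string or "*" (any)

def _field_covers(pattern: str, value: str) -> bool:
    return pattern == "*" or pattern == value

def matches(rule: Rule, protocol: str, dest_ip: str, dest_port: int) -> bool:
    return (_field_covers(rule.protocol, protocol)
            and _field_covers(rule.dest_ip, dest_ip)
            and _field_covers(rule.dest_port, str(dest_port)))

def first_match(rules: List[Rule], protocol: str, dest_ip: str,
                dest_port: int) -> Optional[Rule]:
    """Top-down evaluation: the first matching rule decides; None means
    no rule matched (ISA's implicit default deny would then apply)."""
    for rule in rules:
        if matches(rule, protocol, dest_ip, dest_port):
            return rule
    return None

def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet `later` could match is already matched by `earlier`."""
    return all(_field_covers(e, l) for e, l in
               ((earlier.protocol, later.protocol),
                (earlier.dest_ip, later.dest_ip),
                (earlier.dest_port, later.dest_port)))

def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return (shadowed rule, shadowing rule) pairs: rules that never get processed."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found

# Constructed rule list reproducing the gotcha: the deny sits above the allow.
RULES = [
    Rule("Deny-AppServer-3000", "deny", "TCP", "10.0.0.5", "3000"),
    Rule("Allow-Dev-3000", "allow", "TCP", "10.0.0.5", "3000"),
    Rule("Allow-Web", "allow", "TCP", "*", "80"),
]
```

Running `shadowed_rules(RULES)` reports that `Allow-Dev-3000` is dead, and `first_match` shows why: the deny wins for TCP 10.0.0.5:3000. Moving the allow above the deny (or narrowing the deny) is the fix the monitor pointed at.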

Networking ISA