I had the opportunity to work extensively with ISA 2006 again this week, but this time I took some time to write down several tips!
I hope this info helps someone, I know I will use it again.
Enabling RDP to ISA: Use Administrative Tools, Terminal Services Configuration, RDP-TCP to set RDP to only listen on the INTERNAL nic. Then in ISA Management enable the "System" Rule that allows RDP, and add your administrative machine's IP to the "Remote Management Computers" Computer Set in the Toolbox under Firewall Policy! Whew!
Allow Browsing / CIFS connections "from" ISA: The trick here is to allow connections back to the ISA, as the default "System" rule will allow file connections from ISA… but not network browsing. So, add a rule for all of the NetBios stuff from Internal to Localhost. (The default rule is only from Localhost to Internal).
If you have AD DNS set to use forwards, create a rule for your internal DNS servers to access External.
If you want your primary AD to get external time, create a rule for NTP from it (or Internal) to External.
If you want to ping from your network to the internet, create a rule for the ICMP and PING from Internal to External.
If you want to allow VNC "Add Client" for remote support, add a rule for VNC/5500 from Internal to External.
If you are trying something that doesn't work… use monitoring. Add the Client IP of the machine you are testing from, and just watch the connections that are trying to be made… this is the best way to write the rules you need!
