What Is Packet Filtering in ISA Server?

A firewall’s main role is to check network traffic from entering an internal network except the traffic is explicitly allowed. One way that a firewall ensures this is in the course of packet filtering. Packet filters manage access to the network at the network layer by testing and allowing or denying the Internet Protocol (IP) packets. When the firewall tests an IP packet, it checks only information in the network and transport layer headers.
A packet-filtering firewall can calculate IP packets using the following criteria:
? Destination address
The destination address may be the authentic IP address of the destination computer in the case of a routed connection between the two networks being linked by ISA Server. In the case of NAT the destination may also be external interface of the ISA Server.

? Source address
This is the IP address of the computer that initially transmitted the packet.
? IP protocol and protocol number
You can organize packet filters for Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), and any other protocol. Each protocol is assigned a number. For example, TCP is protocol 6, and the Generic Routing Encapsulation (GRE) protocol for Point-to-Point Tunneling Protocol (PPTP) connections is protocol 47.

? Direction
This is the path of the packet through the firewall. In mainly cases, the direction can be distinct by inbound, outbound, or both. For some protocols, such as File Transfer Protocol (FTP) or UDP, the directional choices may be Receive Only, Send Only, or Both.

? Port numbers
A TCP or UDP packet filter defines a local and remote port. The local and remote ports can be defined by a fixed port number or a dynamic port number.