One of the common mistakes I see people make when dealing with ISA is not waiting enough time for the firewall to synchronize with the configuration database. Changes made in the client are modified in the database first, then the firewall polls this database for changes and synchronizes these with it’s local ADAM directory. This allows ISA to maintain it’s configuration without the need for access to the configuration database. By default, the firewall will poll for changes every 15 seconds. You can see this setting here:
As you can see, I changed mine to 5 seconds. I have done this while I was doing the initial configuration, but will change it to a higher value, once I have everything stable. You can verify that all ISA servers in the array have been synchronized by looking at the Monitoring->Configuration tab
As you make changes to ISA, you must wait until the status shows “Synced”, this will ensure that you are testing against the most recent changes committed to the database. This should save you some major headaches and possible hair loss. Good luck….
My name is Bobby Shea and I am an Infrastructure Practice Team Lead for EMC Application Consulting. When I am not working I enjoy riding my motorcycle with my wife, spending time with my family, watching NHL Hockey and exploring new technology.