Revisiting NLB bidirectional affinity on ISA Server 2004 SE
Given that NLB is a popular feature, I think its important to provide you more information on this subject so that you can make a more informed decision on whether you should attempt using the limited NLB support included with ISA Server 2004 Standard Edition, or if your deployment requires the robust support for NLB bidirectional affinity that only ISA Server 2004 Enterprise Edition can provide. The following information was provided to me from a very reliable source and you should pay close attention to the details.
First off, the ISA firewall is a stateful firewall. In most cases, when the ISA firewall forwards a request from client C to Server S, the response from Server S must go through the same ISA firewall NLB array member from which the request was received, or else it would be denied.
By Thomas Shinder at ISA Server.
[ Read more ]