ISA Firewall Auto Log Off Controls Can Be a Security Issue for OWA Publishing

This article, by ISA Firewall specialist Thomas Shinder, explains that earlier versions of ISA Firewall (2000 and 2004) included navigation protection. Navigation protection ensures that if a user goes to another website, such as Google, without logging off OWA, ISA automatically logs the user off. With navigation protection, administrators can rest assured that users are not leaving active OWA sessions behind.

ISA Firewall 2006 no longer includes navigation protection. This is explained in more detail in an ISA Security report published by Messageware Incorporated (
ISA Security Report: OWA Security Issues Undetected by ISA Server) referenced in Thomas Shinder's article.

To read the full article, go to:

Use Ctrl+Shift+R to "Reply all" to the selected message.


Will tablet and Smart phone use be a big part of your OWA 2013 deployment?