ISA2004 Standard Edition release sometime in May 2004 and so that naturally means there are some users that may want to try it on SBS2003.  This article is for current SBS2003 premium users w/ ISA2000.  The Configure Email and Internet Connection Wizard (CEICW) in SBS2003 configures ISA2000, but since ISA2004 is totally re-redesigned, CEICW doesn't configure ISA2004.  That won't be a problem if you have ISA2000 already configured by CEICW to start with.  So let me repeat that.  Let CEICW configure ISA2000 for you before you upgrade to ISA2004. 

The ISA2000 to ISA2004 upgrade is pretty seemless.  All your packet filters will be migrated to access rules.  All you web publishing rules will still be web publishing rules in ISA2004.  Some more details on access rules:

In ISA2004, there are no more packet filters.  Instead ISA2004 uses access rules to allow the necessary traffic through from the source network to the destination network for a certain group of people.  For example:  The packet filter created in ISA2000 for SMTP outbound from the SBS server allowed SBS to send SMTP traffic to mail servers on the internet for emailing.  In ISA2004, that packet filter is now an access rule that looks like this:  Allow SMTP (TCP 25) protocol from LocalHost (SBS server) to External (Internet) for All Users Anytime.  The rules are easier to understand, but it may take some time to get use to if you are familiar with ISA2000. 

The one thing about the ISA2000 to ISA2004 upgrade is that inbound packet filters are not converted to Server publishing rules.  Instead ISA2004 converts these inbound packet filters to inbound access rules.  So the packet filter to allow Remote Desktop traffic to the SBS server would look like this in ISA2004:  Allow RDP (TCP 3389) protocol from External to LocalHost for All Users Anytime.

Another concept that is different on ISA2004 from ISA2000 is networks.  ISA2000 would filter and protect the networks inside the Local Address Table (LAT), but in ISA2004 each network is separated and protected from each other.  You'll have to setup access rules to communicate with another network.  For example:  In ISA2000 the SBS server (localhost) and the internal network was considered one network for the most part.  Now in ISA2004 the localhost network is separate from the internal network.  What does this mean?  Out of the box (clean install of ISA2004) nothing will be able to communicated with the localhost network (ISA2000 to ISA2004 upgrades will put in necessary access rules to maintain you network functionality).  You have to setup rules to allow that to happen.  For internal clients to contact the SBS server you'll need the following access rule:  Allow All protocols from internal network to localhost network for all users anytime.  You can change the rule to allow the SBS server to contact client machines by changing the last access rule to:  Allow All protocols from (internal network and localhost network) to (localhost network and internal network) for all users anytime.

Hope this helps you get started with ISA2004 on SBS.