Deploy an ISA-secured perimeter network to isolate Internet-facing services from the rest of the internal network.
Get acquainted with the System Policy Editor, and understand what default System Policy rules are in place on the ISA server.
Use the Network Template Wizard for the initial configuration of a new ISA Server, but manually create networks and network rules for any changes that are made after the server goes into production.
Create access rules on the firewall only when there is a specific business need to do so. If there is not, deny the traffic by default.
Create networks in ISA to correspond with each network card that is connected to a logical grouping of subnets connected by network routers. Do not create individual networks for multiple subnets to which ISA is not directly connected.