ISA in SBS - yes, it's secure
There was always a lot of confusion as to what a Secure NAT client, a Web Proxy Client and a Firewall Client really were in ISA2000. In ISA2004 however, it should be a little more clear, if only because you can view the connected computers and have ISA tell you which method they are using to connect. Don't be alarmed to find out that one client computer is connecting using more than one method. This is expected. Typically applications such as anti-virus will use webproxy while using Inernet Explorer will use an SNAT connection and the Firewall client will show up when a user needs to dymanically open a port, say to transmit payroll data. This monitoring tool really exposes for you all the ways ISA is protecting your network.
Don't forget to install the new Firewall client on all of your computers. The new Firewall client encypts transmissions by default. Once you have the new Firewall client installed on the computers you can disallow non-encrypted Firewall clients. To do so, in the ISA MMC expand Configuration, then click on General. In the right hand pane click on Define Firewall Client Settings. Select the Connection tab and uncheck that box!