ISA Server rules are evaluated in the order in which they appear in the firewall policy. The order of the rules affects not only the effective policy for your organization, but the efficiency with which the rules are evaluated. Since the first rule match ends the need to check additional rules, your firewall policy will work most efficiently if the rules that can be evaluated quickly, and are likely to result in a match, are placed near the top of the order.
For example, you may have rules that allow access to most users in your organization for requests that are very common. If you put those rules near the top of the rule order, those common requests will be evaluated quickly, without searching through the full rule base. If you can design that rule to depend on rule elements that can be evaluated quickly, such as IP addresses, rather than on more complex rule elements, such as domain name sets, you will increase the efficiency even more.
For more tips on firewall policy, see Best Practices Firewall Policy.
ISA Server User Education
now you should can import the new blacklist.