Here it come another post about Firewall Service crashing and again the best approach to catch this crash was to attach a debugger to the firewall service (see this article to know how to do this). Result was quiet interesting because at this time there was no third party involved. After some research I found out that this was a known issue and fixed by KB http://support.microsoft.com/kb/956268.
This brings another important point: keep your ISA Server up to date on patches. Don’t think that because you already have ISA Server 2006 SP1 that you are on the latest bit version for ISA. Keep watching for new updates, mainly for “hotfix package”. In this case instead of applying 956268, I applied the latest “hotfix package”, which was http://support.microsoft.com/kb/960148. Since the hotfix is cumulative, this package not only fixes the crash issue but also other issues that might happen, such as:
957655 (http://support.microsoft.com/kb/957655/ ) When you configure Firewall Logging or Web Proxy Logging to use the ISA Server file format in ISA Server 2006, the reports only contain partial log entries
960145 (http://support.microsoft.com/kb/960145/ ) FIX: After you install Update Rollup 3 for Exchange Server 2007, the users may be unable to access their mailboxes by using OWA that is published by using ISA Server 2006
958607 (http://support.microsoft.com/kb/958607/ ) FIX: Users can unexpectedly bypass the ISA Server 2006 redirection rule for HTTPS when they try to access Outlook Web Access
959331 (http://support.microsoft.com/kb/959331/ ) You cannot disconnect a Web proxy session when you remotely manage ISA Server 2006 by using the ISA Server Management console
960146 (http://support.microsoft.com/kb/960146/ ) An update is available for ISA Server 2006 to control the domain name and user name format in Kerberos Constrained Delegation scenarios
Notice that this is big set of issues that were fixed and therefore you shouldn’t ignore. In summary, the tip of the day is: keep your ISA Server 2006 up to date with the latest hotfix package.