I am re-designing a small network (30 users), mostly the Internet facing portion. This will probably involve an ISA 2004 server for outbound proxy and handling remote access to a new Exchange server on the internal network. The ISA server would be dual-nic, with external nic sitting on the DMZ behind a firewall and the other nic internal.
Part of the test if\sproviding a test of users downloading some files re-directed from their hosting vendor. User is on www site, clicks to download (HTTP) a file, then is redirected to network in question.
My question is: Can I let this download come from the ISA server or do I need a separate server on the DMZ for security? If the concept proves valid, I would need a separate server for performance, but was not sure it was technically or security necessary.