Personally I would never and have never recomended any client install ISA directly onto the internet link with no hardware firewall.Could you explain why that is? Are there some particular failings of ISA that ward you off, or is it just because it resides on top of Windows?
Please reed the following :
http://searchsecurity.techtarget.com/answer/Front-end-back-end-firewalls-vs-chassis-based-firewalls
http://technet.microsoft.com/en-us/library/bb123753(v=exchg.65).aspx