1. ISA Server is the ONLY FIREWALL THAT I KNOW today that supports authentication for almost all WINSOCK compliant protocols if you use Windows Operating System.
2. ISA Server stores frequently used caches in memory
3. ISA Server contain out of the box a bunch of application layer filters (http, ftp, smtp, rdp...). Furthermore, if you're kiasu for more, write the filters yourself
4. ISA Server support Cache Array Routing Protocol, Backgroung Intelligent Transfer Service, and HTTP Compression
5. ISA Server works great with Active Directory, Radius, LDAP (running AD), RSA etc.