1. Yes, 0.0.0.0/0 will direct all 80 requests to your ISA ... I understood your scenario now ... 🙂
2. /32 is your public IP address, so if you use it in DNAT you should configure proxy ARP.
3. So I think the final NAT script should be:
[ DIRECT PUB ADDRESS 80 REQUESTS TO ISA ]
set security nat destination pool dnat-pool-http address <ISA-IP>/32 port 80
set security nat destination rule-set dst-nat from zone untrust
set security nat destination rule-set dst-nat rule http-forwarding match destination-address <PUB-IP>/32
set security nat destination rule-set dst-nat rule http-forwarding match destination-port 80
set security nat destination rule-set dst-nat rule http-forwarding then destination-nat pool dnat-pool-http
[ HIDE INTERNET IP FROM ISA ]
set security nat source rule-set src-nat from zone untrust
set security nat source rule-set src-nat to zone trust
set security nat source rule-set src-nat rule http-forwarding match destination-address <ISA-IP>/32
set security nat source rule-set src-nat rule http-forwarding then source-nat interface
[PROXY ARP]
set security nat proxy-arp interface reth1.0 address <PUB-IP>
Regards