For security purposes, a standalone server is the best choice. If you are doinig a multi-layered approach, your edge firewall should always be a standalone.
If you go with standalone, you can still authenticate with AD. But, a member server isn't that big of a deal on an internal firewall.
If you are going with a single firewall solution, you can use RADIUS to authenticate the users with AD. I would not joing the ISA server to the domain. If the server would ever become compramised, the attacker would not be able to use that domain membership as a starting point for an attack on the rest of your network.