Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

ISA as firewall ?

0 views
Skip to first unread message

Marlon Brown

unread,
Dec 3, 2002, 5:06:11 PM12/3/02
to
How effective is ISA when used as firewall ?


TwistedPair

unread,
Dec 3, 2002, 7:04:37 PM12/3/02
to
It has some funny quirks, but all-in-all, it is a VERY good firewall.

"Marlon Brown" <marlon...@hotmail.com> wrote in message
news:OytPugxmCHA.2012@TK2MSFTNGP11...

Glenn Phillips

unread,
Dec 3, 2002, 7:26:35 PM12/3/02
to
> How effective is ISA when used as firewall ?

Don't listen to people who tell you that it's a toy and won't offer any
protection. That's not true.

I'd say it's one of the best on the market - for the niche it's in. ISA is
very good when you are using a simpl inside/outside paradigm. When it comes
time to put in a DMZ, then a lot of the really good stuff is no longer
available to you, unless you put in two ISA firewalls.

HTH
Glenn


Karl Levinson [x y] mvp

unread,
Dec 3, 2002, 9:59:03 PM12/3/02
to

"Marlon Brown" <marlon...@hotmail.com> wrote in message
news:OytPugxmCHA.2012@TK2MSFTNGP11...
> How effective is ISA when used as firewall ?

Like any firewall, it depends on how you configure it and whether you've
installed the numerous patches released for it. However, it does cost a
hefty $1500 plus the computer hardware it runs on [maybe another $1000], and
being a computer it has moving parts that can break. Unless you need the
extra features like proxy server and/or integration with Windows
authentication, you might want to evaluate other firewalls as well. For
example, I think you'd arguably be more secure with two $500
www.netscreen.com 5XP firewalls [or one Netscreen and one other firewall]
than with one ISA server, and Netscreens come with a lot of nice features
that ISA does not do or do as well or do for free, such as content
filtering, bandwidth usage reporting, VPN.

I also personally find ISA server unnecessarily complex to configure
compared to other firewalls in the same price range and feature set. IMHO,
some configuration items are hidden under a right-click in some obscure
place.

One advantage to using ISA or a free Linux firewall like IPCop, Gibralter,
Smoothwall, etc. is that it is basically free to add a third NIC to create a
DMZ for your internet servers. Commercial firewall devices sometimes charge
you a lot for an extra NIC.

Other firewall options:

http://securityadmin.info/faq.htm#firewall

Bill Sanderson

unread,
Dec 3, 2002, 9:56:07 PM12/3/02
to
You might want to ask this in microsoft.public.isaserver, as well, although
most folks there are converts.

"Marlon Brown" <marlon...@hotmail.com> wrote in message
news:OytPugxmCHA.2012@TK2MSFTNGP11...

S. Pidgorny [MVP]

unread,
Dec 4, 2002, 5:02:28 AM12/4/02
to
It's very good product. Some knowledge required but you'll find great help
at microsoft.public.isa hierarchy and lots of useful tutorials at
www.isaserver.org

Features we like are user-level access control (integrates with Windows),
high-performance Web cache and exensibility with application filters (like
URLScan)

Features that are criticised are the way of array implementation and
requirement for NAT (no routing-through firewall function).

My opinion: go for it.

--
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-

"Marlon Brown" <marlon...@hotmail.com> wrote in message
news:OytPugxmCHA.2012@TK2MSFTNGP11...

Marlon Brown

unread,
Dec 5, 2002, 10:42:02 AM12/5/02
to
Thanks much.
In that case I am focusing on the proxy server and AD integration
capabilities, as you correctly pointed out.


"Karl Levinson [x y] mvp" <levin...@excite.com> wrote in message
news:OhAPv#zmCHA.2344@TK2MSFTNGP10...

0 new messages