I?ll throw my .02 in here. (Since the doctor spoke so highly of SonicWall.) For what Amy is describing, a small business not running their own Exchange and only using SQL for small internal processes, SBS with ISA is great. I think where the need to remove ISA from SBS comes in if you are going to use SQL heavily or Exchange heavily. In that case, if you were not going to use OWA, then a SonicWall serving as the firewall would be fine. However, I would make one more recommendation: If you are going to use OWA and want those features of Exchange, use SBS with ISA and a SonicWall as the first line. SonicWall can be configured in what is called Standard mode, which does not do NAT, instead emulating the default gateway. In this way, the SonicWall can stop the majority and ISA can then be left to handle all the RPC stuff. I would be more than happy to expand on this idea. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Sunday, July 13, 2003 7:55 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FYI: ISA on SBS http://www.ISAserver.org Hi Amy, Good thoughts here, Amy! I'm thinking of the SBS group that got SBS because its a good deal, not the group who's barely holding on and can't spend a nickle for better functionality or protection. There are a lot of small businesses running SBS that aren't on the edge of bankruptcy and have travelling representatives and home workers. These businesses save money by hosting their own mail services, Web sites, etc. These are the classic entreprenurial types who like to have control and do things themselves when they can (with a little help for a consultant). They'll pay three grand for an ISA Server appliance or a second server that allows a second server with Win2003 and ISA 2000. It's a write off and the cost amoritized over three years is nominal. The SonicWall box isn't a good solution for these folks, because they got SBS for mainly for the Exchange 2000 services. The SonicWall doesn't do secure Exchange RPC Publishing, doesn't provide SSL bridging, requires a kludgy proprietary non-RFC IPSec NAT-T client, doesn't protect Web sites at the edge, and doesn't have any pre-authentication modules. If any business needs to pony up the slightly extra cost for security, its the small biz. They don't have the slack to handle intrusions and data destruction and theft. So to put sonicwall or "joe blow's cool firebox neé NAT router" on the edge of their networks isn't the best thing. Of course, I've run into those same kind of businesses that you're talking about. They're risk takers, cheapskates, or on the edge going out of business. For those, I'd get them a 50-150 buck SOHO NAT thing, tell them the risks, and cross my fingers that they're small enough that security through obscurity will save them :-) No reason to spend several hundred bucks on a sonicwall. Then there are those businsses that have no need to remote access. I don't see many of those anymore, since most people want to access Exchange from home. In that case, ISA Server is the firewall of choice for them, whether they access it using OWA or the "big Outlook" clinent (2000/2003) Tom Thomas W Shinder <http://www.isaserver.org/shinder> www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: <http://tinyurl.com/1llp> http://tinyurl.com/1llp -----Original Message----- From: Amy Babinchak [mailto:Amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Sunday, July 13, 2003 9:30 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FYI: ISA on SBS http://www.ISAserver.org Tom, The SBS market is for the most part very cost conservative and reluctant to purchase a second server or appliance to do anything. That?s not to say that I don?t have clients that use SBS in conjunction with Citrix, NAS, or other specialty servers, I do, but the majority of my SBS clients are businesses that had to be convinced to get a server in the first place, so selling them on the idea of a second server would be very nearly impossible. The question really isn?t whether or not ISA could be better on a separate box but whether as integrated is it good enough for what the majority of SBS users need it to be? For my clients I think so. They don?t host websites or SMTP email; they don?t use VPN or FTP. Pretty much for them the SBS server is there to provide more robust internal email, a central backup and connect everyone to a common high-ish speed internet. Most also use the fax server feature. For these clients I just can?t see myself convincing them that they need to purchase SBS without ISA and also purchase ISA separately or as an ISA appliance (when such a thing exists). It would be a lot of money for a level of protection that they would not be taking advantage of. I?ll instead be looking at comparing the price of SBS without ISA + a firewall appliance, such as Sonicwall vs. SBS with ISA built-in. The other factor will be management hassle for me and the additional cost to the client to have me manage a separate ISA or Firewall appliance vs ISA integrated within SBS. This is a cost-benefit over reality equation. Amy Babinchak Technology Consultant Harbor Computer Services -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Sunday, July 13, 2003 9:52 AM To: [ISAserver.org Discussion List] Subject: [isalist] FYI: ISA on SBS http://www.ISAserver.org Interesting article on ISA on SBS: http://www.w2knews.com/index.cfm?id=434 HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')