RE: ISA Server is not a Firewall !!! http://www.kbalertz.com/Feedback_832659.aspx
- From: "Jay" <jschwarzkopf@xxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 7 May 2004 15:23:12 -0400
Wow, since when is an unadulterated, exact, direct copy of a quote, a
'misquote'?
As for poorly articulating my point - I didn't resort to personal insults
(which you obviously can not avoid). Nor did I disparage other firewall
products ('Pixie, Crisco, and Netscream' - and no that is not a misquote
either).
ISA is a decent firewall product. So are Pix, Cisco routers, and even
Sonicwall (which does not have the ISA "design goal" of supporting only a
single wan interface - yes it supports multiple external links).
Jim, I respect your knowledge of this product. I also understand that as an
employee of Microsoft, you have to be a bit biased. But when you start
personally attacking newsgroup members, you do the group and yourself a
disservice.
----- Original Message -----
From: "Jim Harrison" <jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, May 07, 2004 2:15 PM
Subject: [isalist] RE: ISA Server is not a Firewall !!!
http://www.kbalertz.com/Feedback_832659.aspx
> http://www.ISAserver.org
>
> No, I mean design specs. ISA was specifically designed to limit the
external side to a single interface.
> When you're ready to learn about how ISA is designed, come back to class;
but please sit in the back as you're disturbing the rest
> of the students.
>
> Also, the correct phrase is "misquote".
> There's nothing in my response that hints at anything you're poorly
articulating.
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://www.microsoft.com/isaserver
> http://isaserver.org/Jim_Harrison
> http://isatools.org
>
> Read the help, books and articles!
> ----- Original Message -----
> From: "Jay" <jschwarzkopf@xxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Friday, May 07, 2004 10:39
> Subject: [isalist] RE: ISA Server is not a Firewall !!!
http://www.kbalertz.com/Feedback_832659.aspx
>
>
> http://www.ISAserver.org
>
> You mean design limitation.
>
> And hardly bitchin. I was just quoting you:
>
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=O2WkOL%23VBHA.1916%40tkmsftngp03&rnum=3&prev=/groups%3Fq%3D%2522ip%2Bspoof%2Bdetection%2522%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3DO2WkOL%2523VBHA.1916%2540tkmsftngp03%26rnum%3D3
>
>
>
> ----- Original Message -----
> From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Friday, May 07, 2004 11:36 AM
> Subject: [isalist] RE: ISA Server is not a Firewall !!!
> http://www.kbalertz.com/Feedback_832659.aspx
>
>
> > http://www.ISAserver.org
> >
> > The alternative is to use the product within its design specs.
> > Anything else you do gets you less functionality and protection.
> >
> > ISA does not support multiple public interfaces. This was (and still
is)
> a design decision.
> > I expect full routing functionality from a firewall the same way I
expect
> full firewall functionality from a router.
> >
> > Use each device within its design goals and quicherbitchin...
> >
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://www.microsoft.com/isaserver
> > http://isaserver.org/Jim_Harrison
> > http://isatools.org
> >
> > Read the help, books and articles!
> > ----- Original Message -----
> > From: "Jay" <jschwarzkopf@xxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Friday, May 07, 2004 08:10
> > Subject: [isalist] RE: ISA Server is not a Firewall !!!
> http://www.kbalertz.com/Feedback_832659.aspx
> >
> >
> > http://www.ISAserver.org
> >
> > "The only workaround I've heard of is to disable IP spoof detection and
> this
> > affects the whole ISA, not just that one interface. Needless to say,
> that's
> > not a good alternative for me or anyone else that's tried it."
> >
> >
> > ----- Original Message -----
> > From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Friday, May 07, 2004 10:54 AM
> > Subject: [isalist] RE: ISA Server is not a Firewall !!!
> > http://www.kbalertz.com/Feedback_832659.aspx
> >
> >
> > > http://www.ISAserver.org
> > >
> > > A good firewall must include good router functionality in the same way
a
> > fish must include a PDA.
> > > This article and issue arises because folks choose to use a product
> > outside of its design goals.
> > >
> > > You can scream in email all day long; it doesn't make you sound any
more
> > believable.
> > >
> > > Disabling an alert does not stop the blocking action, just the alerts
> that
> > get generated from it.
> > > Learn to read what's written; not what you choose to make of it.
> > >
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://www.microsoft.com/isaserver
> > > http://isaserver.org/Jim_Harrison
> > > http://isatools.org
> > >
> > > Read the help, books and articles!
> > > ----- Original Message -----
> > > From: "Idan Plotnik" <idan@xxxxxxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Friday, May 07, 2004 04:45
> > > Subject: [isalist] RE: ISA Server is not a Firewall !!!
> > http://www.kbalertz.com/Feedback_832659.aspx
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi Thomas,
> > >
> > > Yesterday I came back from TechEd in Israel, I believe in the way
> > > Microsoft works and I am working a lot with Microsoft products, in
> > > additional I am doing some works for Microsoft, but this issue is not
> > > relevant to my work, I mean that this kind of Bugs must be discover
> > > before the product is going in to the market and not after 2 or 3
> > > years!!! Don't you agree with me? Tell me something else, do you think
> > > it reasonable to disable the IP Spoof Detection option on a
> > > FIREWALL???!!!!???!!!! To enable another function to work properly????
> > >
> > > And by the way!!! A good Firewall must include a good router
> > > functions!!! It's not a separate function, When I read your line "but
> > > since you've confused firewalls with routers" I laugh because it's not
a
> > > good way of thinking!!! There are a lot of people that thinks that
> > > Firewall just blocks ports or protocols and it's not true
> > >
> > > Thanks and have a good day.
> > >
> > >
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > Sent: Friday, May 07, 2004 1:00 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA Server is not a Firewall !!!
> > > http://www.kbalertz.com/Feedback_832659.aspx
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi Idan,
> > >
> > > It's a good thing no other firewalls have any issues :-\
> > >
> > > This is the first time I've done this on this list, but since you've
> > > confused firewalls with routers, I have to say PLONK.
> > >
> > > HTH,
> > > Tom
> > >
> > > Thomas W Shinder
> > > www.isaserver.org/shinder
> > > ISA 2004 Beta - Get it now!
> > > http://www.microsoft.com/isaserver/beta/default.asp
> > > ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server:
> > > http://tinyurl.com/1llp
> > >
> > >
> > > -----Original Message-----
> > > From: Idan Plotnik [mailto:idan@xxxxxxxxxxxxxxx]
> > > Sent: Friday, May 07, 2004 5:57 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] ISA Server is not a Firewall !!!
> > > http://www.kbalertz.com/Feedback_832659.aspx
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi all,
> > > I don't know if I need to laugh or to cry about this!!!
> > > This issue closed my opinion about ISA 2000, and my opinion about ISA
> > > 2000 is that its not a firewall !!!
> > > Someone has sometnig to say about this ?
> > > 832659 - The IP Spoof Detection feature in ISA Server 2000 may drop
> > > legal packets on systems that have multiple external interfaces
> > > Thanx
> > >
Other related posts:
