Wow, since when is an unadulterated, exact, direct copy of a quote, a 'misquote'? As for poorly articulating my point - I didn't resort to personal insults (which you obviously can not avoid). Nor did I disparage other firewall products ('Pixie, Crisco, and Netscream' - and no that is not a misquote either). ISA is a decent firewall product. So are Pix, Cisco routers, and even Sonicwall (which does not have the ISA "design goal" of supporting only a single wan interface - yes it supports multiple external links). Jim, I respect your knowledge of this product. I also understand that as an employee of Microsoft, you have to be a bit biased. But when you start personally attacking newsgroup members, you do the group and yourself a disservice. ----- Original Message ----- From: "Jim Harrison" <jim@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, May 07, 2004 2:15 PM Subject: [isalist] RE: ISA Server is not a Firewall !!! http://www.kbalertz.com/Feedback_832659.aspx > http://www.ISAserver.org > > No, I mean design specs. ISA was specifically designed to limit the external side to a single interface. > When you're ready to learn about how ISA is designed, come back to class; but please sit in the back as you're disturbing the rest > of the students. > > Also, the correct phrase is "misquote". > There's nothing in my response that hints at anything you're poorly articulating. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://www.microsoft.com/isaserver > http://isaserver.org/Jim_Harrison > http://isatools.org > > Read the help, books and articles! > ----- Original Message ----- > From: "Jay" <jschwarzkopf@xxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Friday, May 07, 2004 10:39 > Subject: [isalist] RE: ISA Server is not a Firewall !!! http://www.kbalertz.com/Feedback_832659.aspx > > > http://www.ISAserver.org > > You mean design limitation. > > And hardly bitchin. I was just quoting you: > http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=O2WkOL%23VBHA.1916%40tkmsftngp03&rnum=3&prev=/groups%3Fq%3D%2522ip%2Bspoof%2Bdetection%2522%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3DO2WkOL%2523VBHA.1916%2540tkmsftngp03%26rnum%3D3 > > > > ----- Original Message ----- > From: "Jim Harrison" <jim@xxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Friday, May 07, 2004 11:36 AM > Subject: [isalist] RE: ISA Server is not a Firewall !!! > http://www.kbalertz.com/Feedback_832659.aspx > > > > http://www.ISAserver.org > > > > The alternative is to use the product within its design specs. > > Anything else you do gets you less functionality and protection. > > > > ISA does not support multiple public interfaces. This was (and still is) > a design decision. > > I expect full routing functionality from a firewall the same way I expect > full firewall functionality from a router. > > > > Use each device within its design goals and quicherbitchin... > > > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://www.microsoft.com/isaserver > > http://isaserver.org/Jim_Harrison > > http://isatools.org > > > > Read the help, books and articles! > > ----- Original Message ----- > > From: "Jay" <jschwarzkopf@xxxxxxxxxx> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > Sent: Friday, May 07, 2004 08:10 > > Subject: [isalist] RE: ISA Server is not a Firewall !!! > http://www.kbalertz.com/Feedback_832659.aspx > > > > > > http://www.ISAserver.org > > > > "The only workaround I've heard of is to disable IP spoof detection and > this > > affects the whole ISA, not just that one interface. Needless to say, > that's > > not a good alternative for me or anyone else that's tried it." > > > > > > ----- Original Message ----- > > From: "Jim Harrison" <jim@xxxxxxxxxxxx> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > Sent: Friday, May 07, 2004 10:54 AM > > Subject: [isalist] RE: ISA Server is not a Firewall !!! > > http://www.kbalertz.com/Feedback_832659.aspx > > > > > > > http://www.ISAserver.org > > > > > > A good firewall must include good router functionality in the same way a > > fish must include a PDA. > > > This article and issue arises because folks choose to use a product > > outside of its design goals. > > > > > > You can scream in email all day long; it doesn't make you sound any more > > believable. > > > > > > Disabling an alert does not stop the blocking action, just the alerts > that > > get generated from it. > > > Learn to read what's written; not what you choose to make of it. > > > > > > Jim Harrison > > > MCP(NT4, W2K), A+, Network+, PCG > > > http://www.microsoft.com/isaserver > > > http://isaserver.org/Jim_Harrison > > > http://isatools.org > > > > > > Read the help, books and articles! > > > ----- Original Message ----- > > > From: "Idan Plotnik" <idan@xxxxxxxxxxxxxxx> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > > Sent: Friday, May 07, 2004 04:45 > > > Subject: [isalist] RE: ISA Server is not a Firewall !!! > > http://www.kbalertz.com/Feedback_832659.aspx > > > > > > > > > http://www.ISAserver.org > > > > > > Hi Thomas, > > > > > > Yesterday I came back from TechEd in Israel, I believe in the way > > > Microsoft works and I am working a lot with Microsoft products, in > > > additional I am doing some works for Microsoft, but this issue is not > > > relevant to my work, I mean that this kind of Bugs must be discover > > > before the product is going in to the market and not after 2 or 3 > > > years!!! Don't you agree with me? Tell me something else, do you think > > > it reasonable to disable the IP Spoof Detection option on a > > > FIREWALL???!!!!???!!!! To enable another function to work properly???? > > > > > > And by the way!!! A good Firewall must include a good router > > > functions!!! It's not a separate function, When I read your line "but > > > since you've confused firewalls with routers" I laugh because it's not a > > > good way of thinking!!! There are a lot of people that thinks that > > > Firewall just blocks ports or protocols and it's not true > > > > > > Thanks and have a good day. > > > > > > > > > -----Original Message----- > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > > Sent: Friday, May 07, 2004 1:00 PM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: ISA Server is not a Firewall !!! > > > http://www.kbalertz.com/Feedback_832659.aspx > > > > > > http://www.ISAserver.org > > > > > > Hi Idan, > > > > > > It's a good thing no other firewalls have any issues :-\ > > > > > > This is the first time I've done this on this list, but since you've > > > confused firewalls with routers, I have to say PLONK. > > > > > > HTH, > > > Tom > > > > > > Thomas W Shinder > > > www.isaserver.org/shinder > > > ISA 2004 Beta - Get it now! > > > http://www.microsoft.com/isaserver/beta/default.asp > > > ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: > > > http://tinyurl.com/1llp > > > > > > > > > -----Original Message----- > > > From: Idan Plotnik [mailto:idan@xxxxxxxxxxxxxxx] > > > Sent: Friday, May 07, 2004 5:57 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] ISA Server is not a Firewall !!! > > > http://www.kbalertz.com/Feedback_832659.aspx > > > > > > > > > http://www.ISAserver.org > > > > > > Hi all, > > > I don't know if I need to laugh or to cry about this!!! > > > This issue closed my opinion about ISA 2000, and my opinion about ISA > > > 2000 is that its not a firewall !!! > > > Someone has sometnig to say about this ? > > > 832659 - The IP Spoof Detection feature in ISA Server 2000 may drop > > > legal packets on systems that have multiple external interfaces > > > Thanx > > >