http://www.ISAserver.org ------------------------------------------------------- Having a "good woman" has nothing whatsoever to do with my kind and gentle demeanor. I've always been a "people person" and humanitarian at heart, all on my own thank you. Now if you'll excuse me, I'm going to go draw her a bubble bath, pour her a cup of tea, and play guitar for her while she soaks and contemplates man's inhumanity to man. t > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Saturday, September 08, 2007 8:06 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > http://www.ISAserver.org > ------------------------------------------------------- > > I have to disagree; if Bob hadn't come to this list for help and > advice, > we'd never have had the opportunity to wax tiresome about our general > dislike for the same prejudicial responses offered by much of the ISA > competition. > > Bob; you should be ashamed of yourself for expecting a professional > response from such a group. > Go ahead, Amy - add your "what; you never listen to me?!?" in there - > you have it coming. > :-p > > I do agree with Tom on one point; Tim is ever so much nicer since a > good > woman took hold. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > bounce@xxxxxxxxxxxxx] > On Behalf Of Thomas W Shinder > Sent: Saturday, September 08, 2007 7:56 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > http://www.ISAserver.org > ------------------------------------------------------- > > Greg, > > I think that misses the point. No one here advocates rip and replace. > We > do advocate that you get an ISA Firewall and use it with your existing > one if you want, but I've never recommended rip and replace anyless > you're talking about a Blue Coat, but that's another story :) > > The points here, and the ones that got lost were: > > * There was an ISA Firewall already in place > * An ASA was brought it > * Bob asked how to make the ASA work with the ISA Firewall > * We asked why would they need a dreaded ASA when they already had an > imminently secure firewall > * We found out that a defintiely ignorant and potentially corrupt > auditor told them to buy unnessessary hardware > * We ragged on the ignorant and potentially corrupt auditor and called > the boss a moron (or something similar) > * Ray thought we were taking a rip and replace attitude because he > missed the the part about the ignorant and potentially corrupt auditor > and focused on our unwillingness to help > * We forgot about our job to help our colleages because we got lost in > the ignorance and corruption out there regarding competitors to the ISA > Firewall > > So, I think everyone here screwed up a bit, except for Bob, who was > just > looking for a little help :) > > IMHO, > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- Microsoft Firewalls (ISA) > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland > > Sent: Friday, September 07, 2007 4:09 PM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > I agree with Ray and also Thor. Whilst my loyalty is there I > > am currently > > and have been in the past involved in networks that have a > significant > > investment in other firewall/vpn devices. The simple reality > > is that it's > > just not possible to pull up stumps and re-deploy the whole > > front edge of > > the network without considerable planning, testing and work. > > Ray is not > > necessarily a new kid on the block (NKOTB) around here so I > > think we should > > cut him some slack. Allot of people who pop up here are at > > times asking our > > advice on how they could utilise ISA in the current setup. I > > think that > > shows a smart approach and we are almost preaching to the > > converted there. > > We should be happy and proud that people who come from the > > "other side of > > the tracks" as It were are able to find a place for ISA in > > their network. I > > know people who have expressed to me that they really like > > the 2006 version > > of product and if they had their time over would use it in > > more extensively, > > but in global organisations that process doesn't happen or > > change overnight. > > > > Jim I'm not sure you intended it the way it came out or way people > > interpretted so I don't need to poke you in the side but this > > was a general > > statement. > > > > Greg > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On > > Behalf Of Thor (Hammer of God) > > Sent: Saturday, 8 September 2007 3:43 AM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > That's not his point... his point is the "attitude" of the > > conversation, > > not the discussion of the perception of a "hardware firewall" vs a > > "software firewall." And I have to say, his points are valid > > as stated > > IMO. > > > > I don't think my loyalty to ISA can be questioned, yet I've got a > > Netgear FVX538 in front of everything here. Not because I think a > > "hardware firewall" is "better," but because it works for my > > environment, and allows me to do things I want a little > > differently than > > what I could do otherwise, even though there are aspects of its > > configuration that drive me crazy. > > > > You're absolutely right about the security of any device in any given > > configuration, but we don't have conversations like that, do we? > > t > > > > > > > > > -----Original Message----- > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > > bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > > Sent: Friday, September 07, 2007 10:30 AM > > > To: isalist@xxxxxxxxxxxxx > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > http://www.ISAserver.org > > > ------------------------------------------------------- > > > > > > The response you get is based on having to deal with the > > "hardware is > > > more secure", "DMZ is more secure" and "more layers is more secure" > > > mentality that is espoused without regard to traffic profiles or > any > > > "real" security need or threat mitigation (such as you yourself > > > described). > > > > > > The point of adding a CisPixJuniBluSquid device simply on > > the basis of > > > "that adds security" is false on the face of it. All devices or > > > software solutions are equally prone to deployment and management > > > fubars > > > as the rest. > > > > > > -----Original Message----- > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > > bounce@xxxxxxxxxxxxx] > > > On Behalf Of Ray Dzek > > > Sent: Friday, September 07, 2007 9:59 AM > > > To: isalist@xxxxxxxxxxxxx > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > http://www.ISAserver.org > > > ------------------------------------------------------- > > > > > > When I see posts like this, it just proves that you all have > > > degenerated > > > to the same level as the "ISA sucks" crowd. I would think that you > > all > > > would be tired of typing the same response whenever anybody > > asks about > > > configuring ISA in a multi-firewall environment. Maybe you all > have > > > just created a mail rule that auto generates the "How dare you > > > integrate > > > any other firewall with ISA. Nothing else is worthy. Get > > rid of the > > > other firewall, it sucks." > > > > > > Everybody has the hardware and environment they have to > > deal with. It > > > is what it is. I have to deal with ISA, ASA, and Sonicwall. I > like > > > features and performance aspects of each. There are also plenty of > > > things I can't stand about each. > > > > > > When I started with this list we had MS Proxy Server. It was a > > > different attitude. You all have become grumpy, jaded, and yet > more > > > immature than ever in your old age. Congratulations... You are > now > > > just like any other hardware firewall e-mail list. > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > > > bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat > > > > Sent: Thursday, September 06, 2007 4:14 PM > > > > To: ISA Mailing List > > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > > > http://www.ISAserver.org > > > > ------------------------------------------------------- > > > > > > > > Beat me to it... > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist- > > > > bounce@xxxxxxxxxxxxx] > > > > On Behalf Of Thomas W Shinder > > > > Sent: Thursday, September 06, 2007 6:57 PM > > > > To: ISA Mailing List > > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > > > http://www.ISAserver.org > > > > ------------------------------------------------------- > > > > > > > > I was wondering what the ASA bug box was doing there too. Adding > a > > > > level > > > > of complexity to help increase the risk of misconfiguration? > > > > > > > > Thomas W Shinder, M.D. > > > > Site: www.isaserver.org > > > > Blog: http://blogs.isaserver.org/shinder/ > > > > Book: http://tinyurl.com/3xqb7 > > > > MVP -- Microsoft Firewalls (ISA) > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: isalist-bounce@xxxxxxxxxxxxx > > > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > > > > Sent: Thursday, September 06, 2007 3:40 PM > > > > > To: isalist@xxxxxxxxxxxxx > > > > > Subject: [isalist] Re: ASA 5500 in front of ISA 2006 > > > > > > > > > > http://www.ISAserver.org > > > > > ------------------------------------------------------- > > > > > > > > > > Make it easy for yourself. > > > > > Lose the Cisco or sell it to some unsuspecting victim. > > > > > Add another NIC to ISA and create a third-leg DMZ. > > > > > This way, only ISA has access to the traffic between these > > > networks. > > > > > > > > > > -----Original Message----- > > > > > From: isalist-bounce@xxxxxxxxxxxxx > > > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] > > > > > On Behalf Of Robert Wolff > > > > > Sent: Thursday, September 06, 2007 1:27 PM > > > > > To: isalist@xxxxxxxxxxxxx > > > > > Subject: [isalist] ASA 5500 in front of ISA 2006 > > > > > > > > > > All, > > > > > > > > > > > > > > > > > > > > Does anyone know any tricks or have any experience with > > > > > configuration in > > > > > the following scenario: > > > > > > > > > > > > > > > > > > > > Inet Router => Cisco ASA firewall => DMZ => ISA 2006 Firewall > > > > > =>Internal > > > > > network > > > > > > > > > > > > > > > > > > > > The current network layout is just a single ISA 2006 firewall. > > I'm > > > > > looking to create a new DMZ segment between the ISA and ASA for > > > > future > > > > > web, DNS, and email servers. > > > > > > > > > > > > > > > > > > > > Inet Router => ISA 2006 Firewall => Internal Network > > > > > > > > > > > > > > > > > > > > One of the last problems I have is getting OWA to work. > > I can get > > > > the > > > > > initial login screen to appear, but after logon I get > > page cannot > > > be > > > > > displayed after several seconds of waiting. > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > -Bob- > > > > > > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > > > List Archives: //www.freelists.org/archives/isalist/ > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server Articles and Tutorials: > > > http://www.isaserver.org/articles_tutorials/ > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > > List Archives: //www.freelists.org/archives/isalist/ > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server Articles and Tutorials: > > > http://www.isaserver.org/articles_tutorials/ > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx