RE: Adding Second Firewall

• From: "Jose Rhommel D Jayo" <jose.jayo@xxxxxxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 24 Apr 2003 09:58:31 +0800

hi,

i wonder if there is any firewall product that can compete with ISA in layer 7 
arena :) anyway, indeed i suppose black boxes would be always a step behind 
from their software based cousins in terms of upper layer intelligence but 
because the expected Internet traffic that will pass is huge, i needed  a 
faster,low-maintenance, no-client license firewall at the network edge and 
cisco box fit the bill just right. 

i'm not sure what ISA functionality i'm missing in this set-up though, 
well for one the pix doesn't give any logs... 


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, April 24, 2003 9:17 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Adding Second Firewall


http://www.ISAserver.org


Hi Jose,

I would have to agree here. From a security viewpoint, you're a lot
better off using firewalls from two differnet vendors in your back to
back firewall config. The drawback is that most black boxes aren't as
"smart" as ISA Server in the layer 7 arena, which can lead to
unfortunate trade-offs in functionality.

Thanks!
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: Jose Rhommel D Jayo [mailto:jose.jayo@xxxxxxxxxxxxxxxxxxxxxx] 
Sent: Tuesday, April 22, 2003 10:34 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Adding Second Firewall


http://www.ISAserver.org


usually, a two-tier firewall design uses different firewall product.
doesn't make sense to use the same firewall.
you might as well put the caching firewall closer to the user for
performance reasons...

i once installed ISA server in integrated mode directly behind a Cisco
PIX... (PIX internal interface connected to ISA's external's)  

-----Original Message-----
From: John Lyon [mailto:jlyon@xxxxxxxxxxxxx]
Sent: Tuesday, April 22, 2003 9:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Adding Second Firewall


http://www.ISAserver.org


Need advise on best way to proceed. Have a fully functioning integrated
mode ISA server. Does web publishing/server publishing and VPN
connections. Now, I have a request to add a secondary ISA in firewall
mode
only for added security. Do not have or need a DMZ for now to contend
with. How best do I add that second server? If I put the new one out in
front of the current server isn't that going to mess up all my external
IP's configured? OR, is it possible for me to pass all that traffic
right
on through.

Help the firewall challenged please!!!

Thanks

John

http://www.accuwired.com

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jose.jayo@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jose.jayo@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Adding Second Firewall
• » RE: Adding Second Firewall
• » RE: Adding Second Firewall
• » RE: Adding Second Firewall
• » RE: Adding Second Firewall
• » RE: Adding Second Firewall
• » RE: Adding Second Firewall
• » RE: Adding Second Firewall
• » RE: Adding Second Firewall
• » RE: Adding Second Firewall

1. Home
2. isalist
3. Archive
4. 04-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---