Inline... Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx] Sent: Monday, February 06, 2006 7:41 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Bluecoat Dupes ISAserver.org to Promote False Adver tising and Fraudulant Claims http://www.ISAserver.org Well, I am a part time ISA firewall admin. However I do see some stuff that is wrong myself. 1) "It runs on Windows hence you have to deal with security issues of the whole platform" This is debatable, but certainly not a major issue.[Thomas W. Shinder] Agree. The "runs on Windows" is BS. Otherwise, you could say the same thing about your Exchange/SQL/SMS/etc servers. And with ISA installed, nothing gets on the box unless you allow it. 2) No visibility into SSL traffic. Wrong, no? I thought it was passed to the HTTP traffic filter at the Proxy endpoint...[Thomas W. Shinder] The morons at Bluecoat must have never heard of ISA firewall's SSL bridging feature! 3) No ability to Manage P2P/IM. I'm not sure what they mean, unless they provide layer 7 inspection of P2P and IM protocols...[Thomas W. Shinder] You can do it without add-ons, and if you extend the ISA firewall with third party products, you get the same level of control as Bluecoat. 4) Limited policy control That, I disagree with. With the amount of dirty fingers ISA can have deep inside the active directory and windows pies when using fwclient...[Thomas W. Shinder] Ha! This is really where they stuck both feet, both hands, and that other thing (they must have very flexible spines) in their mouths. ISA provides more granular access control than any other firewall that I'm aware of, bar none. Only the abjectly clueless could have made such an assertion. 5) Performance abilities are limited. I have no idea really - however I don't trust "independent paid-for analysis", especially when you bring up two of them. I don't trust them, ever, especially if they're from Yankee, after the "get the facts" bulls**t campaign.[Thomas W. Shinder] Yep, and performance is so easily manipulated, that its a meaningless asseration. Get me a Bluecoat box and I'll build an ISA box with the requisite specs that will blow the Bluecoat away. Its all entirely depending on your test protocol and the hardware you throw at it. So I am eagerly waiting for Tom to clarify things up at a more experienced level :-)[Thomas W. Shinder] Already started and its going to be fun. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx