RE: ISA Server is not a Firewall !!! http://www.kbalertz.com/Feedback_832659.aspx
- From: "Joe Pochedley" <joepochedley@xxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 7 May 2004 17:04:25 -0400
Boys, boys, boys...
Jay: You can effectively misquote someone when you take a direct quote
out of context and in essence make it mean something that the original
context didn't convey... Whether or not that's what's happened here I
don't know, but I'm just pointing out how you can misquote even by using
a verbatim statement...
Now, in a free forum where the 'free' exchange of ideas is passed around
and advice and assistance is dolled out for 'free', don't expect
everyone to meet your idea of politically correct or polite... Besides,
what other kind of response would you expect when you come into an ISA
forum and insinuate ISA is not a true firewall? Especially when the
specific issue your dealing with falls with a configuration outside the
parameters of the listed specifications of the product. It's almost
like me saying that a Ford Ranger Pickup Truck is not a true truck just
because it can't haul my 40 foot boat to the marina....
ISA's limitation is a spec... or a limitation by design.. Therefore
it is a design spec. A design limitation would be a limitation of
design (unavoidable without redesign)....
Joe Pochedley
Weiler's Law - Nothing is impossible for the man who doesn't have to do
it himself.
-----Original Message-----
From: Jay [mailto:jschwarzkopf@xxxxxxxxxx]
Sent: Friday, May 07, 2004 3:57 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Server is not a Firewall !!!
http://www.kbalertz.com/Feedback_832659.aspx
http://www.ISAserver.org
typical
----- Original Message -----
From: "Jim Harrison" <jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, May 07, 2004 3:35 PM
Subject: [isalist] RE: ISA Server is not a Firewall !!!
http://www.kbalertz.com/Feedback_832659.aspx
> http://www.ISAserver.org
>
> Thanks, Dad...
> Are we done now?
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://www.microsoft.com/isaserver
> http://isaserver.org/Jim_Harrison
> http://isatools.org
>
> Read the help, books and articles!
> ----- Original Message -----
> From: "Jay" <jschwarzkopf@xxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Friday, May 07, 2004 12:23
> Subject: [isalist] RE: ISA Server is not a Firewall !!!
http://www.kbalertz.com/Feedback_832659.aspx
>
>
> http://www.ISAserver.org
>
> Wow, since when is an unadulterated, exact, direct copy of a quote, a
> 'misquote'?
>
> As for poorly articulating my point - I didn't resort to personal
insults
> (which you obviously can not avoid). Nor did I disparage other
firewall
> products ('Pixie, Crisco, and Netscream' - and no that is not a
misquote
> either).
>
> ISA is a decent firewall product. So are Pix, Cisco routers, and even
> Sonicwall (which does not have the ISA "design goal" of supporting
only a
> single wan interface - yes it supports multiple external links).
>
> Jim, I respect your knowledge of this product. I also understand that
as
an
> employee of Microsoft, you have to be a bit biased. But when you
start
> personally attacking newsgroup members, you do the group and yourself
a
> disservice.
>
>
> ----- Original Message -----
> From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Friday, May 07, 2004 2:15 PM
> Subject: [isalist] RE: ISA Server is not a Firewall !!!
> http://www.kbalertz.com/Feedback_832659.aspx
>
>
> > http://www.ISAserver.org
> >
> > No, I mean design specs. ISA was specifically designed to limit the
> external side to a single interface.
> > When you're ready to learn about how ISA is designed, come back to
class;
> but please sit in the back as you're disturbing the rest
> > of the students.
> >
> > Also, the correct phrase is "misquote".
> > There's nothing in my response that hints at anything you're poorly
> articulating.
> >
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://www.microsoft.com/isaserver
> > http://isaserver.org/Jim_Harrison
> > http://isatools.org
> >
> > Read the help, books and articles!
> > ----- Original Message -----
> > From: "Jay" <jschwarzkopf@xxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Friday, May 07, 2004 10:39
> > Subject: [isalist] RE: ISA Server is not a Firewall !!!
> http://www.kbalertz.com/Feedback_832659.aspx
> >
> >
> > http://www.ISAserver.org
> >
> > You mean design limitation.
> >
> > And hardly bitchin. I was just quoting you:
> >
>
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=O2Wk
OL%23VBHA.1916%40tkmsftngp03&rnum=3&prev=/groups%3Fq%3D%2522ip%2Bspoof%2
Bdetection%2522%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3DO2W
kOL%2523VBHA.1916%2540tkmsftngp03%26rnum%3D3
> >
> >
> >
> > ----- Original Message -----
> > From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Friday, May 07, 2004 11:36 AM
> > Subject: [isalist] RE: ISA Server is not a Firewall !!!
> > http://www.kbalertz.com/Feedback_832659.aspx
> >
> >
> > > http://www.ISAserver.org
> > >
> > > The alternative is to use the product within its design specs.
> > > Anything else you do gets you less functionality and protection.
> > >
> > > ISA does not support multiple public interfaces. This was (and
still
> is)
> > a design decision.
> > > I expect full routing functionality from a firewall the same way I
> expect
> > full firewall functionality from a router.
> > >
> > > Use each device within its design goals and quicherbitchin...
> > >
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://www.microsoft.com/isaserver
> > > http://isaserver.org/Jim_Harrison
> > > http://isatools.org
> > >
> > > Read the help, books and articles!
> > > ----- Original Message -----
> > > From: "Jay" <jschwarzkopf@xxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Friday, May 07, 2004 08:10
> > > Subject: [isalist] RE: ISA Server is not a Firewall !!!
> > http://www.kbalertz.com/Feedback_832659.aspx
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > "The only workaround I've heard of is to disable IP spoof
detection
and
> > this
> > > affects the whole ISA, not just that one interface. Needless to
say,
> > that's
> > > not a good alternative for me or anyone else that's tried it."
> > >
> > >
> > > ----- Original Message -----
> > > From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Friday, May 07, 2004 10:54 AM
> > > Subject: [isalist] RE: ISA Server is not a Firewall !!!
> > > http://www.kbalertz.com/Feedback_832659.aspx
> > >
> > >
> > > > http://www.ISAserver.org
> > > >
> > > > A good firewall must include good router functionality in the
same
way
> a
> > > fish must include a PDA.
> > > > This article and issue arises because folks choose to use a
product
> > > outside of its design goals.
> > > >
> > > > You can scream in email all day long; it doesn't make you sound
any
> more
> > > believable.
> > > >
> > > > Disabling an alert does not stop the blocking action, just the
alerts
> > that
> > > get generated from it.
> > > > Learn to read what's written; not what you choose to make of it.
> > > >
> > > > Jim Harrison
> > > > MCP(NT4, W2K), A+, Network+, PCG
> > > > http://www.microsoft.com/isaserver
> > > > http://isaserver.org/Jim_Harrison
> > > > http://isatools.org
> > > >
> > > > Read the help, books and articles!
> > > > ----- Original Message -----
> > > > From: "Idan Plotnik" <idan@xxxxxxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Friday, May 07, 2004 04:45
> > > > Subject: [isalist] RE: ISA Server is not a Firewall !!!
> > > http://www.kbalertz.com/Feedback_832659.aspx
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Hi Thomas,
> > > >
> > > > Yesterday I came back from TechEd in Israel, I believe in the
way
> > > > Microsoft works and I am working a lot with Microsoft products,
in
> > > > additional I am doing some works for Microsoft, but this issue
is
not
> > > > relevant to my work, I mean that this kind of Bugs must be
discover
> > > > before the product is going in to the market and not after 2 or
3
> > > > years!!! Don't you agree with me? Tell me something else, do you
think
> > > > it reasonable to disable the IP Spoof Detection option on a
> > > > FIREWALL???!!!!???!!!! To enable another function to work
properly????
> > > >
> > > > And by the way!!! A good Firewall must include a good router
> > > > functions!!! It's not a separate function, When I read your line
"but
> > > > since you've confused firewalls with routers" I laugh because
it's
not
> a
> > > > good way of thinking!!! There are a lot of people that thinks
that
> > > > Firewall just blocks ports or protocols and it's not true
> > > >
> > > > Thanks and have a good day.
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > Sent: Friday, May 07, 2004 1:00 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: ISA Server is not a Firewall !!!
> > > > http://www.kbalertz.com/Feedback_832659.aspx
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Hi Idan,
> > > >
> > > > It's a good thing no other firewalls have any issues :-\
> > > >
> > > > This is the first time I've done this on this list, but since
you've
> > > > confused firewalls with routers, I have to say PLONK.
> > > >
> > > > HTH,
> > > > Tom
> > > >
> > > > Thomas W Shinder
> > > > www.isaserver.org/shinder
> > > > ISA 2004 Beta - Get it now!
> > > > http://www.microsoft.com/isaserver/beta/default.asp
> > > > ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA
Server:
> > > > http://tinyurl.com/1llp
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Idan Plotnik [mailto:idan@xxxxxxxxxxxxxxx]
> > > > Sent: Friday, May 07, 2004 5:57 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] ISA Server is not a Firewall !!!
> > > > http://www.kbalertz.com/Feedback_832659.aspx
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Hi all,
> > > > I don't know if I need to laugh or to cry about this!!!
> > > > This issue closed my opinion about ISA 2000, and my opinion
about
ISA
> > > > 2000 is that its not a firewall !!!
> > > > Someone has sometnig to say about this ?
> > > > 832659 - The IP Spoof Detection feature in ISA Server 2000 may
drop
> > > > legal packets on systems that have multiple external interfaces
> > > > Thanx
> > > >
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to
$subst('Email.Unsub')
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
jschwarzkopf@xxxxxxxxxx
> To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
JoePochedley@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
