RE: Is ISA a good fit?
- From: "Quillman Shawn (RBNA/CIT1.1) *" <Shawn.Quillman@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 11 Dec 2003 14:23:18 -0500
In my experience you will have problems with any firewall product, they will
just appear in different places. I have used other products (Gauntlet, FW-1,
BlackIce, PIX...) and there are issues. ISA is a very good product and yes it
qualifies as an enterprise-class package, there is no question. Is it the
_right_ product? You have to evaluate your own environment to recognize what
the right product is. I have been using ISA in a mixed environment quite
successfully for some time now. But my needs don't necessarily reflect your
needs, either.
If ISA is the roadblock, chances are your firewall (in general) is going to be
the roadblock. ISA is usually not the problem when it comes to protocols. A
lack of understanding of the protocols and how to handle them is usually the
problem (not saying this is necessarily the case in your situation, no offense
intended). You have to understand the difference between packet filtering and
application filtering and when to do one and when to do the other.
The more complex your environment is the worse your firewall overhead is going
to be and the more attention you're going to have to pay to it to get it to
work right, no matter what the product. But as your complexity grows so also
does your need to pay attention that the complexity is not growing needlessly.
A poor overall systems design is the downfall of any firewall (or any other
system for that matter).
-Shawn
-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx
-----Original Message-----
From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx]
Sent: Thursday, December 11, 2003 1:54 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Is ISA a good fit?
http://www.ISAserver.org
Request For Information...
It appears that lately I seem to be finding all the things that ISA cannot do.
Is ISA supposed to be an "Enterprise" level application that can truly support
Enterprise level needs? Or am I simply just asking too much of ISA. I am
asking this sincerely. I have used MS Proxy and ISA for several years now.
Frankly, I have not really looked at other products. But now that our business
has grown, so has the complexity of our network. I keep running into issues
where ISA is a roadblock and not a asset. Are the problems with
authentication, not passing protocols (even when defined), VOIP, etc ISA
centric, or am I going to have these same issues with any firewall product we
purchase? In our mixed environment of Windows, Mac, Linux, and Solaris, is ISA
really a good fit? Will there be a release of ISA that will address these
issues in the immediate future?
Thanks to all with more insight into this than I have.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
