In my experience you will have problems with any firewall product, they will just appear in different places. I have used other products (Gauntlet, FW-1, BlackIce, PIX...) and there are issues. ISA is a very good product and yes it qualifies as an enterprise-class package, there is no question. Is it the _right_ product? You have to evaluate your own environment to recognize what the right product is. I have been using ISA in a mixed environment quite successfully for some time now. But my needs don't necessarily reflect your needs, either. If ISA is the roadblock, chances are your firewall (in general) is going to be the roadblock. ISA is usually not the problem when it comes to protocols. A lack of understanding of the protocols and how to handle them is usually the problem (not saying this is necessarily the case in your situation, no offense intended). You have to understand the difference between packet filtering and application filtering and when to do one and when to do the other. The more complex your environment is the worse your firewall overhead is going to be and the more attention you're going to have to pay to it to get it to work right, no matter what the product. But as your complexity grows so also does your need to pay attention that the complexity is not growing needlessly. A poor overall systems design is the downfall of any firewall (or any other system for that matter). -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx] Sent: Thursday, December 11, 2003 1:54 PM To: [ISAserver.org Discussion List] Subject: [isalist] Is ISA a good fit? http://www.ISAserver.org Request For Information... It appears that lately I seem to be finding all the things that ISA cannot do. Is ISA supposed to be an "Enterprise" level application that can truly support Enterprise level needs? Or am I simply just asking too much of ISA. I am asking this sincerely. I have used MS Proxy and ISA for several years now. Frankly, I have not really looked at other products. But now that our business has grown, so has the complexity of our network. I keep running into issues where ISA is a roadblock and not a asset. Are the problems with authentication, not passing protocols (even when defined), VOIP, etc ISA centric, or am I going to have these same issues with any firewall product we purchase? In our mixed environment of Windows, Mac, Linux, and Solaris, is ISA really a good fit? Will there be a release of ISA that will address these issues in the immediate future? Thanks to all with more insight into this than I have. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')