RE: Is ISA a good fit?

• From: Jim Harrison <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sun, 14 Dec 2003 12:30:30 -0800

Not personal; I personally couldn't care less whther you choose ISA or Monkeys 
& buckets for your firewall.
As you stated, your business needs are your own.

My "issue" was with your claim to an unresolved PSS issue (which you haven't 
responded to, BTW).
I'm the one they turn to to get product team assistance and I never saw or 
heard of an issue with your name on it.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Sat, 13 Dec 2003 11:24:34 -0500
 Glenn Maks <gmaks@xxxxxxxxx> wrote:
http://www.ISAserver.org

Hay Jim - you are the one taking things personal, Ok, this is a discussion
group, I was simply adding to an earlier post from someone who asked if ISA
was a good fit. So lighten up, if your interpretation of my feedback is one
of a grip session then that is the way you see it. I don't care what
security platform I use as long as it fits my business needs, as far moving
forward, I think I struck a nerve with my honest evaluation based on my
experience, like I said, I still believe in ISA but I am going to wait for
version 2 release, for now, I am putting this issue to bed, in the mean time
I thought I would look at 3COM's total firewall solution on a single NIC.

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, December 12, 2003 5:22 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Is ISA a good fit?


http://www.ISAserver.org

Sorry you took it personally, Glenn, but your issues have been typically
characterized by
nearlyrandomrantingsaboutseveralthingsinthesamebreathmakingthemdifficulttose
parateintocomponentparts.

Regarding your insoluble PSS issues, if you have your SR#, I can review it
to see why it never made it to the product team.
Outside of that, I don't know what to offer you.

You keep referring to your Raptor; first; they're vastly different products
with entirely different designs  Comparing the two is very much an apples /
oranges discussion that I won't get into.
If there's a critical (to you, anyway) Raptor feature that you feel ISA
should have answered, then you need to hit the product feedback links on
support.microsoft.com, not blow off your steam here.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Glenn Maks" <gmaks@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, December 12, 2003 09:06
Subject: [isalist] RE: Is ISA a good fit?


http://www.ISAserver.org

Hello Tom - I have opened calls to Microsoft ISA support regarding the
issues I stated in my ISA review early this morning, first allow me set the
record straight, because I think Jim was taking it personally, I know Jim or
at least I was told that he is part of the ISA development team, so I
understood his humorous sarcasm referencing Dorothy, the fact is that ISA is
being marketed for Prime Time use as a Enterprise Solution, as such, the way
I have implemented ISA into my organization mirrors my existing
configuration I have with my Axent Raptor Firewall, I ran both in parallel
just in case I needed to scramble back to Raptor, unfortunately, I had to do
that, I was pressured by Executive management because basic organizational
functions were being impeded based on the unreliable RRAS connectivity it
provided to all my branch offices. The issue with RRAS was that it took
forever to connect, when it did connect and sometimes not all, even if I
consoled into the dialing ISA RRAS Server and initiated connection manually,
keeping in mind all the while the Links are down, no inter office mail, no
Exchange replication, no access to shared resources, this is huge
on the radar screen for management. Let me ask you this, you have 2 ISA RRAS
Servers on opposite sides of the world, each office has at least a 512 MB
dedicated connection to the Internet or better, like a full T-1, what is
reasonable in terms of time for RRAS to reestablish connections? As far as
DNS hot fixes, I read off the version
releases of several DLL's to Microsoft's Tech support and based on what they
told me I already had the DNS hot fix in place. Believe me, I wanted ISA,
this a product I believed in that could replace my old firewall, my company
has partnership agreements with Microsoft, so the path to ISA was an easy
one to make, but the fact is, after
I rolled it out and started to add additional functionality to it, Nothing
More or less than what I already had with Raptor, things started to go down
hill quickly. I had 2 choices, remain with ISA and work through the issues,
all the while my companies services suffer or flip the switch back onto
Raptor. The comment that Jim made regarding an all services and
functionality running on one box, and that it was not very smart to do that,
I am asking nothing more from my combination of ISA and RRAS
that I already have with my 6 year old Axent Firewall, further more, if
Microsoft's VPN solution for now is to use RRAS then it is not unreasonable
to expect a certain level of performance and reliability from it.
Personally, I still believe in the product, the down side is that it will be
a hard sell to management when version 2 is released based on the
experience, and it is NOT the way I rolled it out or planned the migration,
as I know some folks will say, I took this one step at a time, one service
at a time.


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Friday, December 12, 2003 11:13 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Is ISA a good fit?


http://www.ISAserver.org

Hi Glenn,

So PSS wasn't about to solve your VPN gateway to gateway issue? Didn't they
give you to rollup hotfix that solved the dreaded DNS publishing issue?

Thanks!
Tom

  _____

From: Glenn Maks [mailto:gmaks@xxxxxxxxx]
Sent: Friday, December 12, 2003 8:51 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Is ISA a good fit?


http://www.ISAserver.org


Jim - in fact I have posted many issues and have received many valued
responses, even from you, in fact when I opened my Microsoft support ticket,
I asked the 2nd level support engineer about ISA Discussion Group in
reference to Tom and yourself,

he told me many Microsoft ISA support engineers use this same forum and know
about you, so believe me, it is not like I was coming in cold, My evaluation
is accurate based on my experience and the way I NEEDED to use ISA. As for a
total enterprise solution, Most Enterprise firewall solutions roll in VPN
support, either client VPN or firewall to firewall, like my old Axent Raptor
firewall which is 6 years old, so this is not a new idea, Microsoft choose
to use RRAS because it already existed in earlier releases of Server
operating systems, Yes, it is true RRAS is not necessary for ISA to function
as a Firewall, Web Proxy, but to complete the total Enterprise requirements
it is if you wish to connect Branch offices, and I am saying that I had
reliability issues with RRAS, it simply was not stable, the times I had to
reboot my ISA server RRAS would take minutes to complete the connection and
sometimes not at all, I reboot Raptor and I can start pinging remote hosts

on the other side of the world even before the OS allows you to login, so
believe me there is a huge difference. I am not arguing the case to scrap
ISA, if I did I am sure I would be flamed by Microsoft supporters. As far as
waking up Dorothy, I guess she is already walking the streets, because my 6
year old Axent Raptor firewall functions as my Firewall, Global Branch
Office VPN and DMZ server, everything needed to run the operations here in
my office, so I guess I do have my bag of chips Jim.

-----O

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmaks@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmaks@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?
• » RE: Is ISA a good fit?

1. Home
2. isalist
3. Archive
4. 12-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---