Not personal; I personally couldn't care less whther you choose ISA or Monkeys & buckets for your firewall. As you stated, your business needs are your own. My "issue" was with your claim to an unresolved PSS issue (which you haven't responded to, BTW). I'm the one they turn to to get product team assistance and I never saw or heard of an issue with your name on it. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Sat, 13 Dec 2003 11:24:34 -0500 Glenn Maks <gmaks@xxxxxxxxx> wrote: http://www.ISAserver.org Hay Jim - you are the one taking things personal, Ok, this is a discussion group, I was simply adding to an earlier post from someone who asked if ISA was a good fit. So lighten up, if your interpretation of my feedback is one of a grip session then that is the way you see it. I don't care what security platform I use as long as it fits my business needs, as far moving forward, I think I struck a nerve with my honest evaluation based on my experience, like I said, I still believe in ISA but I am going to wait for version 2 release, for now, I am putting this issue to bed, in the mean time I thought I would look at 3COM's total firewall solution on a single NIC. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, December 12, 2003 5:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Is ISA a good fit? http://www.ISAserver.org Sorry you took it personally, Glenn, but your issues have been typically characterized by nearlyrandomrantingsaboutseveralthingsinthesamebreathmakingthemdifficulttose parateintocomponentparts. Regarding your insoluble PSS issues, if you have your SR#, I can review it to see why it never made it to the product team. Outside of that, I don't know what to offer you. You keep referring to your Raptor; first; they're vastly different products with entirely different designs Comparing the two is very much an apples / oranges discussion that I won't get into. If there's a critical (to you, anyway) Raptor feature that you feel ISA should have answered, then you need to hit the product feedback links on support.microsoft.com, not blow off your steam here. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Glenn Maks" <gmaks@xxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, December 12, 2003 09:06 Subject: [isalist] RE: Is ISA a good fit? http://www.ISAserver.org Hello Tom - I have opened calls to Microsoft ISA support regarding the issues I stated in my ISA review early this morning, first allow me set the record straight, because I think Jim was taking it personally, I know Jim or at least I was told that he is part of the ISA development team, so I understood his humorous sarcasm referencing Dorothy, the fact is that ISA is being marketed for Prime Time use as a Enterprise Solution, as such, the way I have implemented ISA into my organization mirrors my existing configuration I have with my Axent Raptor Firewall, I ran both in parallel just in case I needed to scramble back to Raptor, unfortunately, I had to do that, I was pressured by Executive management because basic organizational functions were being impeded based on the unreliable RRAS connectivity it provided to all my branch offices. The issue with RRAS was that it took forever to connect, when it did connect and sometimes not all, even if I consoled into the dialing ISA RRAS Server and initiated connection manually, keeping in mind all the while the Links are down, no inter office mail, no Exchange replication, no access to shared resources, this is huge on the radar screen for management. Let me ask you this, you have 2 ISA RRAS Servers on opposite sides of the world, each office has at least a 512 MB dedicated connection to the Internet or better, like a full T-1, what is reasonable in terms of time for RRAS to reestablish connections? As far as DNS hot fixes, I read off the version releases of several DLL's to Microsoft's Tech support and based on what they told me I already had the DNS hot fix in place. Believe me, I wanted ISA, this a product I believed in that could replace my old firewall, my company has partnership agreements with Microsoft, so the path to ISA was an easy one to make, but the fact is, after I rolled it out and started to add additional functionality to it, Nothing More or less than what I already had with Raptor, things started to go down hill quickly. I had 2 choices, remain with ISA and work through the issues, all the while my companies services suffer or flip the switch back onto Raptor. The comment that Jim made regarding an all services and functionality running on one box, and that it was not very smart to do that, I am asking nothing more from my combination of ISA and RRAS that I already have with my 6 year old Axent Firewall, further more, if Microsoft's VPN solution for now is to use RRAS then it is not unreasonable to expect a certain level of performance and reliability from it. Personally, I still believe in the product, the down side is that it will be a hard sell to management when version 2 is released based on the experience, and it is NOT the way I rolled it out or planned the migration, as I know some folks will say, I took this one step at a time, one service at a time. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Friday, December 12, 2003 11:13 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Is ISA a good fit? http://www.ISAserver.org Hi Glenn, So PSS wasn't about to solve your VPN gateway to gateway issue? Didn't they give you to rollup hotfix that solved the dreaded DNS publishing issue? Thanks! Tom _____ From: Glenn Maks [mailto:gmaks@xxxxxxxxx] Sent: Friday, December 12, 2003 8:51 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Is ISA a good fit? http://www.ISAserver.org Jim - in fact I have posted many issues and have received many valued responses, even from you, in fact when I opened my Microsoft support ticket, I asked the 2nd level support engineer about ISA Discussion Group in reference to Tom and yourself, he told me many Microsoft ISA support engineers use this same forum and know about you, so believe me, it is not like I was coming in cold, My evaluation is accurate based on my experience and the way I NEEDED to use ISA. As for a total enterprise solution, Most Enterprise firewall solutions roll in VPN support, either client VPN or firewall to firewall, like my old Axent Raptor firewall which is 6 years old, so this is not a new idea, Microsoft choose to use RRAS because it already existed in earlier releases of Server operating systems, Yes, it is true RRAS is not necessary for ISA to function as a Firewall, Web Proxy, but to complete the total Enterprise requirements it is if you wish to connect Branch offices, and I am saying that I had reliability issues with RRAS, it simply was not stable, the times I had to reboot my ISA server RRAS would take minutes to complete the connection and sometimes not at all, I reboot Raptor and I can start pinging remote hosts on the other side of the world even before the OS allows you to login, so believe me there is a huge difference. I am not arguing the case to scrap ISA, if I did I am sure I would be flamed by Microsoft supporters. As far as waking up Dorothy, I guess she is already walking the streets, because my 6 year old Axent Raptor firewall functions as my Firewall, Global Branch Office VPN and DMZ server, everything needed to run the operations here in my office, so I guess I do have my bag of chips Jim. -----O ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmaks@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmaks@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')