RE: Is ISA a good fit?
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 11 Dec 2003 19:51:43 -0600
Hi Ray,
I've NEVER had a problem with colo VPN/ISA machines. What kind of
problems have you had with that.
Chunking is related to HTTP 1.1, IIRC. ISA uses HTTP 1.0 when
forwarding.
No comment re: Wingate, as Wingate is a SOHO NAT server.
HTH,
Tom
_____
From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx]
Sent: Thursday, December 11, 2003 3:14 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Is ISA a good fit?
http://www.ISAserver.org
I did find a few things since the last frustration which was using CVS
through ISA. It appears that it is somehow tied into using RRAS on the
same box as ISA, and the way that CVS does "data chunking", whatever
that is. As for authentication, it is what it is. I asked for somebody
to look at the IP conversion script on the isa tools list, but never got
a response from anybody. And as far as I can tell, SIP would be an
issue with just about any firewall. I'll just have to stick a NAT box
in the DMZ and do it that way for now. I still think I should be able
to sit down at the ISA terminal and see who in our enterprise is
connected to what on the internet. Even a $100 application like Wingate
can do that, and ISA cannot without plugins and addons.
----- Original Message -----
From: Mark Hippenstiel <mailto:M.Hippenstiel@xxxxxxxxxxxx>
To: [ISAserver.org Discussion List]
<mailto:isalist@xxxxxxxxxxxxx>
Sent: Thursday, December 11, 2003 12:40 PM
Subject: [isalist] RE: Is ISA a good fit?
http://www.ISAserver.org
Ray,
I do remember that you wanted to part with ISA not too long ago.
I am glad to see you sort of changed your mind - or at least you changed
your perspective :)
While I agree that the ISA log files are not a real bummer when
it comes to unauthenticated access (boy I do miss the IPs sometimes), I
never encountered problems with protocol passing that were not caused
either implicitly by protocol design or by insufficient knowledge on the
side of the operator.
IMO, you are going to have the very same problems with any other
product out there, unless it has built-in support for your special
needs. But then it's only a matter of time that you'll be facing another
problem that this product will not be able to address. The big pluses of
ISA are scalability, expandability and flexibilty, as well as the many
third party products which add extra functionality. Of course, some of
the great features ISA offers are MS centric, but this wouldn't
disqualify it's suitability for mixed environments.
The upcoming ISA 2004 will change a lot of things; you might
want to check out the ISA 2004 public beta, which is due in early 2004,
see
http://www.microsoft.com/isaserver/beta/default.asp
As has been said already, the question for fitness can not be
answered in general. For the problems you outline, it depends on how
much weight you put on certain aspects of functionality to determine the
fitness of a particular product. If you really need to answer this
question, why don't you put up a decision chart, evaluate some other
products and make a decision based on your findings?
Mark
-----Original Message-----
From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx]
Posted At: Thursday, December 11, 2003 7:54 PM
Posted To: www.isaserver.org
Conversation: [isalist] Is ISA a good fit?
Subject: [isalist] Is ISA a good fit?
http://www.ISAserver.org
Request For Information...
It appears that lately I seem to be finding all the
things that ISA cannot do. Is ISA supposed to be an "Enterprise" level
application that can truly support Enterprise level needs? Or am I
simply just asking too much of ISA. I am asking this sincerely. I have
used MS Proxy and ISA for several years now. Frankly, I have not really
looked at other products. But now that our business has grown, so has
the complexity of our network. I keep running into issues where ISA is
a roadblock and not a asset. Are the problems with authentication, not
passing protocols (even when defined), VOIP, etc ISA centric, or am I
going to have these same issues with any firewall product we purchase?
In our mixed environment of Windows, Mac, Linux, and Solaris, is ISA
really a good fit? Will there be a release of ISA that will address
these issues in the immediate future?
Thanks to all with more insight into this than I have.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
