Hi Ray, I've NEVER had a problem with colo VPN/ISA machines. What kind of problems have you had with that. Chunking is related to HTTP 1.1, IIRC. ISA uses HTTP 1.0 when forwarding. No comment re: Wingate, as Wingate is a SOHO NAT server. HTH, Tom _____ From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx] Sent: Thursday, December 11, 2003 3:14 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Is ISA a good fit? http://www.ISAserver.org I did find a few things since the last frustration which was using CVS through ISA. It appears that it is somehow tied into using RRAS on the same box as ISA, and the way that CVS does "data chunking", whatever that is. As for authentication, it is what it is. I asked for somebody to look at the IP conversion script on the isa tools list, but never got a response from anybody. And as far as I can tell, SIP would be an issue with just about any firewall. I'll just have to stick a NAT box in the DMZ and do it that way for now. I still think I should be able to sit down at the ISA terminal and see who in our enterprise is connected to what on the internet. Even a $100 application like Wingate can do that, and ISA cannot without plugins and addons. ----- Original Message ----- From: Mark Hippenstiel <mailto:M.Hippenstiel@xxxxxxxxxxxx> To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx> Sent: Thursday, December 11, 2003 12:40 PM Subject: [isalist] RE: Is ISA a good fit? http://www.ISAserver.org Ray, I do remember that you wanted to part with ISA not too long ago. I am glad to see you sort of changed your mind - or at least you changed your perspective :) While I agree that the ISA log files are not a real bummer when it comes to unauthenticated access (boy I do miss the IPs sometimes), I never encountered problems with protocol passing that were not caused either implicitly by protocol design or by insufficient knowledge on the side of the operator. IMO, you are going to have the very same problems with any other product out there, unless it has built-in support for your special needs. But then it's only a matter of time that you'll be facing another problem that this product will not be able to address. The big pluses of ISA are scalability, expandability and flexibilty, as well as the many third party products which add extra functionality. Of course, some of the great features ISA offers are MS centric, but this wouldn't disqualify it's suitability for mixed environments. The upcoming ISA 2004 will change a lot of things; you might want to check out the ISA 2004 public beta, which is due in early 2004, see http://www.microsoft.com/isaserver/beta/default.asp As has been said already, the question for fitness can not be answered in general. For the problems you outline, it depends on how much weight you put on certain aspects of functionality to determine the fitness of a particular product. If you really need to answer this question, why don't you put up a decision chart, evaluate some other products and make a decision based on your findings? Mark -----Original Message----- From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx] Posted At: Thursday, December 11, 2003 7:54 PM Posted To: www.isaserver.org Conversation: [isalist] Is ISA a good fit? Subject: [isalist] Is ISA a good fit? http://www.ISAserver.org Request For Information... It appears that lately I seem to be finding all the things that ISA cannot do. Is ISA supposed to be an "Enterprise" level application that can truly support Enterprise level needs? Or am I simply just asking too much of ISA. I am asking this sincerely. I have used MS Proxy and ISA for several years now. Frankly, I have not really looked at other products. But now that our business has grown, so has the complexity of our network. I keep running into issues where ISA is a roadblock and not a asset. Are the problems with authentication, not passing protocols (even when defined), VOIP, etc ISA centric, or am I going to have these same issues with any firewall product we purchase? In our mixed environment of Windows, Mac, Linux, and Solaris, is ISA really a good fit? Will there be a release of ISA that will address these issues in the immediate future? Thanks to all with more insight into this than I have. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')