RE: Is ISA a good fit?
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 11 Dec 2003 21:19:09 -0800
Given that ISA was designed to operate in an Enterprise and Wingate wasn't,
it's no surprise that real-time monitoring was left out of ISA.
When you're serving several hundred thousand requests per second, real-time
monitoring is too expensive.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Ray Dzek" <rdzek@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, December 11, 2003 13:14
Subject: [isalist] RE: Is ISA a good fit?
http://www.ISAserver.org
NachrichtI did find a few things since the last frustration which was using
CVS through ISA. It appears that it is somehow tied into using RRAS on the
same box as ISA, and the way that CVS does "data chunking", whatever that
is. As for authentication, it is what it is. I asked for somebody to look
at the IP conversion script on the isa tools list, but never got a response
from anybody. And as far as I can tell, SIP would be an issue with just
about any firewall. I'll just have to stick a NAT box in the DMZ and do it
that way for now. I still think I should be able to sit down at the ISA
terminal and see who in our enterprise is connected to what on the internet.
Even a $100 application like Wingate can do that, and ISA cannot without
plugins and addons.
----- Original Message -----
From: Mark Hippenstiel
To: [ISAserver.org Discussion List]
Sent: Thursday, December 11, 2003 12:40 PM
Subject: [isalist] RE: Is ISA a good fit?
http://www.ISAserver.org
Ray,
I do remember that you wanted to part with ISA not too long ago. I am glad
to see you sort of changed your mind - or at least you changed your
perspective :)
While I agree that the ISA log files are not a real bummer when it comes
to unauthenticated access (boy I do miss the IPs sometimes), I never
encountered problems with protocol passing that were not caused either
implicitly by protocol design or by insufficient knowledge on the side of
the operator.
IMO, you are going to have the very same problems with any other product
out there, unless it has built-in support for your special needs. But then
it's only a matter of time that you'll be facing another problem that this
product will not be able to address. The big pluses of ISA are scalability,
expandability and flexibilty, as well as the many third party products which
add extra functionality. Of course, some of the great features ISA offers
are MS centric, but this wouldn't disqualify it's suitability for mixed
environments.
The upcoming ISA 2004 will change a lot of things; you might want to check
out the ISA 2004 public beta, which is due in early 2004, see
http://www.microsoft.com/isaserver/beta/default.asp
As has been said already, the question for fitness can not be answered in
general. For the problems you outline, it depends on how much weight you put
on certain aspects of functionality to determine the fitness of a particular
product. If you really need to answer this question, why don't you put up a
decision chart, evaluate some other products and make a decision based on
your findings?
Mark
-----Original Message-----
From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx]
Posted At: Thursday, December 11, 2003 7:54 PM
Posted To: www.isaserver.org
Conversation: [isalist] Is ISA a good fit?
Subject: [isalist] Is ISA a good fit?
http://www.ISAserver.org
Request For Information...
It appears that lately I seem to be finding all the things that ISA
cannot do. Is ISA supposed to be an "Enterprise" level application that can
truly support Enterprise level needs? Or am I simply just asking too much
of ISA. I am asking this sincerely. I have used MS Proxy and ISA for
several years now. Frankly, I have not really looked at other products.
But now that our business has grown, so has the complexity of our network.
I keep running into issues where ISA is a roadblock and not a asset. Are
the problems with authentication, not passing protocols (even when defined),
VOIP, etc ISA centric, or am I going to have these same issues with any
firewall product we purchase? In our mixed environment of Windows, Mac,
Linux, and Solaris, is ISA really a good fit? Will there be a release of
ISA that will address these issues in the immediate future?
Thanks to all with more insight into this than I have.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
