RE: Motivation for ISA2004
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 11 Aug 2005 07:17:10 -0500
Inline..
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: William Robertson [mailto:william.robertson@xxxxxxxxxx]
> Sent: Thursday, August 11, 2005 7:03 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Motivation for ISA2004
>
> http://www.ISAserver.org
>
>
> Hi there
>
> If possible, could someone please confirm or deny the
> following statements?
>
> 1. As I have it, ISA 2004 is not a "free"/maintenance
> agreement upgrade from
> ISA 2000.
CONFIRM
>
> 2. I also gather that ISA2004 can now log directly to a SQL database.
CONFIRM
>
> 3. How does ISA2004 react if that database becomes
> unavailable? I.e. Does it
> first log to flat file and then import flat files into SQL?
DEPENDS on how you configure things
>
> 4. Are there any serious design changes/considerations that I
> will need to
> contemplate if I wish to upgrade my ISA2000 to ISA2004, or
> should it be a
> relatively simple upgrade process?
YES -- the new ISA firewall is a full-fledged stateful packet and
application layer inspection firewall. The networking model is
completely revamped and you can leverage only maybe 15-20% of your ISA
Server 2000 knowledge to install, configure and manage the ISA firewall.
>
> 5. Is it recommended/approved to upgrade ISA2000 to ISA2004, or is it
> preferable to do a full reinstallation?
FULL INSTALL. Doc out your firewall policy and understand your network
security goals. Apply those goals to the new firewall model introduced
with ISA 2004, you'll be glad you did :)
>
> 6. Is it at all possible within an ISA2004 upgrade to
> "change" the ISA2000
> configuration to Caching Mode only?
NEVER deploy an ISA firewall as a single NIC firewall. Its like giving a
soldier a Desert Eagle .50 and no ammo. I'm working with some
pharmaceutical companies to see if I can get gratis neuroleptic
treatments for sec admins who advise the single-NIC ISA firewall,
because its clear they aren't perceiving reality very well.
HTH,
Tom
>
> Thanks guys
> Cheers
> William R.
>
>
> ---------------------------------------------------------------------
> Everything in this e-mail and attachments relating to the official
> business of Columbus Stainless is proprietary to the company. It is
> confidential, legally privileged and protected by law. Columbus
> Stainless does not own and endorse any other content. Views and
> opinions are those of the sender unless clearly stated as being that
> of Columbus Stainless. The person addressed in the e-mail is the sole
> authorised recipient. Please notify the sender immediately if it has
> unintentionally reached you and do not read, disclose or use the
> content in any way. Whilst all reasonable steps are taken to ensure
> the accuracy and integrity of information and data transmitted
> electronically and to preserve the confidentiality thereof, no
> liability or responsibility whatsoever is accepted if information or
> data is, for whatever reason, corrupted or does not reach its intended
> destination.
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
Other related posts:
