RE: Motivation for ISA2004

  • From: "William Robertson" <william.robertson@xxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 11 Aug 2005 17:12:29 +0200

Hehe, at least you make me laugh Tom!!! :) Again, inline...
> 4. Are there any serious design changes/considerations that I will need to
> contemplate if I wish to upgrade my ISA2000 to ISA2004, or should it be a
> relatively simple upgrade process?
YES -- the new ISA firewall is a full-fledged stateful packet and
application layer inspection firewall. The networking model is
completely revamped and you can leverage only maybe 15-20% of your ISA
Server 2000 knowledge to install, configure and manage the ISA firewall.

Bugger, I only had 15-20% comprehension... 

> 
> 5. Is it recommended/approved to upgrade ISA2000 to ISA2004, or is it
> preferable to do a full reinstallation?
FULL INSTALL. Doc out your firewall policy and understand your network
security goals. Apply those goals to the new firewall model introduced
with ISA 2004, you'll be glad you did :)

Aye, like I've got anything better to do between 02:00 & 06:00 on Sunday
morning.


> 
> 6. Is it at all possible within an ISA2004 upgrade to "change" the ISA2000
> configuration to Caching Mode only?
NEVER deploy an ISA firewall as a single NIC firewall. It's like giving a
soldier a Desert Eagle .50 and no ammo. I'm working with some
pharmaceutical companies to see if I can get gratis neuroleptic
treatments for sec admins who advise the single-NIC ISA firewall,
because it's clear they aren't perceiving reality very well.
HTH,
Tom

Thankfully, my reasoning is slightly more pure. We (I mean the Network Admin
team) are looking at implementing the new Cisco ASA 550 series device, and
they may re-structure the entire "external connectivity" as well. It may
thus no longer be necessary to utilize ISA's firewalling capabilities to the
max, and so I was curious if it was possible to "downgrade".
I suppose I can just leave it as is and relax some of the rules if
necessary.

