RE: Nortel ISA Hardware Firewall

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 27 Oct 2005 14:37:34 -0500

Hi Amy,

You're absolutely right about that. For me, and for anyone who's
interested in doing the ISA firewall right, there's no reason to go
through such a route. But the Hardware ISA firewall is attractive to
those shops that want a plug and play solution and pay a premium and get
a hefty support contract, just like with Cisco and CP :)

And there's the problem that you mentioned. They think they can let it
sit there and gather dust until it dies. Look at the number of PIXies,
Netscreens, Sonicwall and all the other "hardware" vendors' offerings
that have rev after rev, but the "firewall admin" thinks it's a toaster
and that it's working at top efficiency since hot air is coming out the
back vents.

Do you think it's the server concept, or the Microsoft angle? I know of
plenty of Novell boxes sitting under secretaries' desks, coffee rooms,
and closets on college campuses that were set up by "some guy" and left
in production for years until the hardware died.

So, it's really up to how the ISA hardware vendor approaches this
problem. Network Engines has an autoupdate mechanism so that the
firewall updates itself. I believe that with v3, they enable you to
schedule when you want the updates to take place and when you want them
installed automatically, so that if a reboot is required, it will take
place at the best time. Also, they pre-qualify the updates (I don't call
them patches, because most security updates aren't patching anything,
since it was broken to begin with -- if I put bars on my windows because
the neighborhood went downhill, I'm not 'patching' the windows, because
there's nothing wrong with them -- it's the neighborhood that needs
patching)

On the other end of the spectrum is the HP offering. They don't really
try to make it look like a "hardware firewall". Instead, they just
call it a pre-install of the OS and ISA. This config gives you all the
same Windows exposure and would engender the same paranoia you might
have with your Exchange Server :)  But that's a good thing if it makes
you more mindful of the need for security updates.

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
> Sent: Thursday, October 27, 2005 2:17 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Nortel ISA Hardware Firewall
> 
> http://www.ISAserver.org
> 
> Tom,
> 
> More exposure for ISA is a good thing. But what's your experience with
> hardware firewalls? Mine is that they sit until they die and never get
> updated. Companies that own them treat them like the copy machine. They
> just keep using it and essentially ignoring it until they die. As long
> as it's working, it's a no touch item. Both the copy machine and the
> firewall tend to be the oldest hardware in the office.
> 
> At least a "server" they can understand needs to be kept up to date.
> 
> Amy
>  
> Harbor Computer Services
> Small Business Computer Specialists
>  
> Client Blog: http://smalltechnotes.blogspot.com/
> Tech Blog: http://isainsbs.blogspot.com/
> Website: http://www.harborcomputerservices.net/
>  
> 
>  
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: Thursday, October 27, 2005 3:15 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Nortel ISA Hardware Firewall
> 
> http://www.ISAserver.org
> 
> Run PIX, run!
>  
> http://spaces.msn.com/members/drisa/Blog/cns!1p9yz6owxXl-uIlyqIZXkCrg!271.entry
>  
> :-)
>  
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/> 
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
> MVP -- ISA Firewalls
> **Who is John Galt?**
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
