Hi Amy, You're absolutely right about that. For me, and for anyone who's interested is doing the ISA firewall right, there's no reason to go through such a route. But the Hardware ISA firewall is attractive to those shops that want a plug and play solution and pay a premium and get a hefty support contract, just like with Cisco and CP :) And there's the problem that you mentioned. They think they can let it sit there and gather dust until it dies. Look at the number PIXies, Netscreens, Sonicwall and all the other "hardware" vendors offerings that have rev after rev, but the "firewall admin" thinks it's a toaster and that its working at top efficiency since hot air is coming out the back vents. Do you think it's the server concept, or the Microsoft angle? I know of plenty of Novell boxes sitting under secretary's desks, coffee rooms, and closets on college campuses that were set up by "some guy" and left in production for years until the hardware died. So, it's really up to how the ISA hardware vendor approaches this problem. Network Engines has an autoupdate mechanism so that the firewall updates itself. I believe that with v3, they enable you to schedule when you want the updates to take place and when you want them installed automaticlaly, so that if a reboot is required, it will take place at the best time. Also, they pre-qualify the updates (I don't call them patches, because most security updates aren't patching anything, since it was broken to begin with -- if I put bars on my windows because the neighborhood went downhill, I'm not 'patching' the windows, because there's nothing wrong with them -- it's the neighborhood that needs patching) On the other end of the spectrum is the HP offering. They don't really try to make it looking like a "hardware firewall". Instead, they just call it a pre-install of the OS and ISA. This config gives you all the same Windows exposure and would engender the same paranoid you might have with your Exchange Server :) But that's a good think if it makes you more mindful of the need for security updates. Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] > Sent: Thursday, October 27, 2005 2:17 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Nortel ISA Hardware Firewall > > http://www.ISAserver.org > > Tom, > > More exposure for ISA is a good thing. But what's your experience with > hardware firewalls? Mine is that they sit until they die and never get > updated. Companies that own them treat them like the copy > machine. They > just keep using it and essentially ignoring it until they die. As long > as it's working, it's a no touch item. Both the copy machine and the > firewall tend to be the oldest hardware in the office. > > At least a "server" they can understand needs to be kept up to date. > > Amy > > Harbor Computer Services > Small Business Computer Specialists > > Client Blog: http://smalltechnotes.blogspot.com/ > Tech Blog: http://isainsbs.blogspot.com/ > Website: http://www.harborcomputerservices.net/ > > > > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Thursday, October 27, 2005 3:15 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Nortel ISA Hardware Firewall > > http://www.ISAserver.org > > Run PIX, run! > > http://spaces.msn.com/members/drisa/Blog/cns!1p9yz6owxXl-uIlyq > IZXkCrg!27 > 1.entry > > :-) > > Thomas W Shinder, M.D. > Site: www.isaserver.org <http://www.isaserver.org/> > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> > MVP -- ISA Firewalls > **Who is John Galt?** > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >