RE: PIX 515e and ISA 2000 (I know, I know)

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 8 Mar 2006 07:18:17 -0600

Here's a core fact you can take to the dopes who think a hardware
firewall is more secure:

Security is inversely proportional to ease of use and accessbility

Therefore, if you can understand the PIX and make it access the content
your users want, you've proven the PIX is nothing but a security
illusion and you're doing your company a disservice if you can't prove
that I'm incorrect.

BTW -- you have done *nothing* to demonstate that the ISA firewall is
the problem here.  At this point, I have as much positive proof that the
pix server is the problem. 


Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: cdx47 [mailto:extra_net@xxxxxxxxxxx] 
Sent: Wednesday, March 08, 2006 1:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)

http://www.ISAserver.org

Now Im really tempted to just remove ISA completely (see below). I
currently have ISA running on win2k3 sp1. Should I downgrade to win2k?
It
seemed to be a little more stable on that OS.

Again this morning, for no reason DNS stopped responding. I restarted
the
DNS service and nothing happened. I checked the ISPs DNS and everything
was fine. I rebooted ISA and everything came back. Im quite frankly fed
up
with this. I know 2004 is supposed to be more stable but I cant justify
the extra spend especially as most people still think hardware firewall
equals more secure and Microsoft Firewall equals reboot (in the case of
ISA 2000 I agree).

> In that case, please proceed. :)=20
> 
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
> 
> -----Original Message-----
> From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx]=20
> Sent: Tuesday, March 07, 2006 8:31 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)
> 
> http://www.ISAserver.org
> 
> Well, unless I misread, he asked how to make ISA 2000 and and PIX play
=
> nice, so it is not entirely irrelevant...
> 
> -----Message d'origine-----
> De=A0: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]=20
> Envoy=E9=A0: 7 mars 2006 09:25
> =C0=A0: [ISAserver.org Discussion List]
> Objet=A0: [isalist] RE: PIX 515e and ISA 2000 (I know, I know)
> 
> http://www.ISAserver.org
> 
> You're asking how to configure a dreaded PIX here?=20
> 
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
> 
> -----Original Message-----
> From: cdx47 [mailto:extra_net@xxxxxxxxxxx]=20
> Sent: Tuesday, March 07, 2006 8:11 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] PIX 515e and ISA 2000 (I know, I know)
> 
> http://www.ISAserver.org
> 
> Hi all
> 
> I didnt really get any answers to my ISA VPN question so I just gave
up
> and I will install a PIX. For some reason the ISA VPN connects but I
> cant
> see the internal lan. Im not sure if I need a static route on the ISA
> box
> or not. But to be honest this is the last straw. Ive been using ISA
for
> 3
> years. Feature wise very good. Configuration very easy.
Stability.......
> Anyway I would like to combine the advantages of the PIX (we already
> have
> sitting here doing nothing) i.e. hardware VPN, stability, speed and
ISA
> 2000 exchange publishing , SMTP protection etc. I want to configure in
> the
> simple back to back configuration. Besides turning off Message Guard
on
> the PIX how do I get OWA/OMA through the PIX? Any other gotyas' I
should
> know about.
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit =
> http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
=
> gauthiera@xxxxxxxxxxxxxxxxx
> To unsubscribe visit =
> http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
=
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit =
> http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
> Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx




Other related posts: