
List:       focus-ms
Subject:    RE: Something about ISA Server 2000...
From:       "David Henderson" <davesel () idzero ! co ! uk>
Date:       2001-10-28 17:31:27

As far as clustering or resiliency goes, the ISA box can be configured as
part of an array for an enterprise solution and you can configure alternate
redundant paths to the outside world as well as sharing a common policy
across physical boxes.  It is a scalable solution in my mind.  Remember,
Nokia IPSO running Checkpoint FW1 or Cisco's PIX offer layer 3 control only,
whereas ISA gives you Layer3 (the firewall part) and layer 7 (the
application proxy part..).

With the price of hardware dropping all the time, a pair of ISA's in an
array bolstered by an HA pair of Nokia IPSO based machines at the outer
layer takes some beating.  You've got a fair bit of admin to take care of,
granted, but these days the budget for this type of defense can be
legitimately argued for.

It's been said, in Sales & Marketing circles, that 'IT security is an
enabler..'.  It's time we SysAdmins and NetAdmins start arguing for more
bucks to buy in the kit to protect the environments we treasure.


dh.

"The OSI doesn't have 7 layers.  It has 9.  Two of which are
hidden....politics and finance...."



-----Original Message-----
From: cxnolke@regence.com [mailto:cxnolke@regence.com]
Sent: 25 October 2001 18:53
To: Progenit Service S.r.l.
Cc: focus-ms@securityfocus.com
Subject: Re: Something about ISA Server 2000...



We did a lot of evaluation with it at Dell when we were looking to create a
firewall with someone else's software.
It's a very capable suite.  There was some concern that it tried to do too
much for our purposes.  MSFT was continually criticized VPN wise for not
playing well with others.  Clearly they tried to overcompensate, and it
makes it a very powerful tool for someone with *a lot* of knowledge, and a
huge maze for a beginner.
Then there is the issue of redundancy/backup.
One gets the idea that this was not designed as an enterprise level suite.
It would not compete well with PIX or Nokia.  No command line for
scripting, no cluster/backup solution (as of the release candidate we had 1
year ago), etc.  But then that probably isn't the intended market.

It probably would compete well with Watchguard, Sonicwall, etc, although
both of those two have an interface that is easier for beginners or for the
semi-knowledgeable common in the small IT shops.

IMHO, YMMV, etc.

chris nolke
----------------------------------
security geek        -cxnolke@regence.com
The Regence Group




From:    "Progenit Service S.r.l." <agente_progenit@public.iunet.it>
To:      <focus-ms@securityfocus.com>
cc:
Subject: Something about ISA Server 2000...

                    10/25/2001 03:10 AM






Hi all,

Has someone an opinion (good or bad....) concerning ISA Server 2000
installed as firewall? How many differences are among this software
solution from Microsoft and Check Point Firewall-1, Netscreen 10/100,
Watchguard or Cisco PIX?

Any help would be appreciated.

Thanks

---------------------------------------------------------------
Giancarlo Ballestracci
Technical Support
Progenit Service S.r.l. Agenzia TENOVIS-NEWTEL
Telecommunications - Information Security - New Technologies
Tel 055-456336 Fax 055-452330
---------------------------------------------------------------




