• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA 200x

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Misc.] >> ISA 2006 Wish List >> ISA 200x Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA 200x - 10.Dec.2006 8:31:50 PM   
alfalfa6945

 

Posts: 12
Joined: 20.Dec.2003
Status: offline
This is going to sound like a "bitch" list, not a "wish" list. Read into it what you may, but it is factual nontheless.

1) Lose the CSS part of ISA. Prove to me that ISA could not be written to NOT have to use this setup. It's unnecessary, inversely affects network troubleshooting, _may_ require a stand alone server (but two extra servers would be better) or "dirtying" a domain controller (or two). I don't have enough bad things to say about a firewall that almost _requires_ external configuration storage. I want my firewall to do its job, not put pieces of itself all over the internal network. Last time I saw behavior like this it had Save.exe and Gator attached to it and called itself KaZaa and RealPlayer.

2) Money. A'hm talkin' 'bout money. Honestly, who comes up with the pricing structure for ISA firewall?  $6000 for  ISA  2006 Enterprise (single cpu) plus a $Gr for the OS that it _requires_ to function, plus $pick-your-price for the hardware part of this equation, then you can double it (or then some) because you need two such setups to make use of the "enterprise" feature. Add some more $money if you want to have things like virus checking, content filtering, etc. That is a monumental amount of money for a redundant basic packet filter setup... ISA is very nice, but not that nice.

3) But wait, I'm not done with the cost issue yet. Microsoft will charge you $1500 for the "standard" version, $6000 for the "enterprise" version. Say what? The math tells me that I'm paying $4500 for NLB and CARP (and possibly this "feature" of having the configuration Borg'd all over the internal network). $4500 for NLB? $4500 if you want what could best be described as the _ability_ to have a "hot standby" (_ability_ because you'd need to spend the $4500 again on another machine to make a pair). That's NLB? That's CRAP. Somewhere an executive at EMC is laughing knowing that his own Rainconnect is superior and at ~$5Gr is actually _substantially_ cheaper...

4) Since I broached the subject of NLB, let's discuss. Microsoft has wizards for everything. They probably have a wizard to help me make a spiced latte using spices imported from the finest middle east locations, using coffee beans from the highest mountains in Columbia, harvested at just the right time of a full moon night and handled only by vestal virgins. But do they have a wizard to make this multi-thousand dollar NLB option come to life? No. Seriously, you almost have to wave a dead chicken over the servers and hold a seance in order to bring up a fully functioning NLB setup... Unacceptable.

5) People still have to go to Microsoft Downloads if they want some of the tools for use with ISA. Just a thought, but why not include them on the disk? Okay, so some people (most maybe) don't use them. Then I guess they never have to directory surf to find them on the ISA disk. It may have saved someone some time and grief of having to find them on Microsoft's site, the whole time thinking about the $6Gr+ it cost and they couldn't be bothered to include them on the CD. Or, and I'm really going out on a limb here, why not make some of them _part_ of ISA? Somewhere, in a cold, dark, executivey room, a collective _WHAT?_ emerges, as flames shoot from the backs of said executives as they muster up a "WHAT DID HE SAY?" in a tone sounding like it was generated from the bowels of a very deep place...

Maybe I'd sound less hostile if I just "wished" for *common sense* to be included in the next version...
Post #: 1
RE: ISA 200x - 3.Jan.2007 10:33:31 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
1) Lose the CSS part of ISA. Prove to me that ISA could not be written to NOT have to use this setup. It's unnecessary, inversely affects network troubleshooting, _may_ require a stand alone server (but two extra servers would be better) or "dirtying" a domain controller (or two). I don't have enough bad things to say about a firewall that almost _requires_ external configuration storage. I want my firewall to do its job, not put pieces of itself all over the internal network. Last time I saw behavior like this it had Save.exe and Gator attached to it and called itself KaZaa and RealPlayer.
TOM: Actually, this is pretty standard for any centralized management solution where you use centralized storage of policy for thousands of arrays is thousands of locations located thoughout the world. How else would you manage these hundreds or thousands of array from a single console and management interface and storage?

2) Money. A'hm talkin' 'bout money. Honestly, who comes up with the pricing structure for ISA firewall?  $6000 for  ISA  2006 Enterprise (single cpu) plus a $Gr for the OS that it _requires_ to function, plus $pick-your-price for the hardware part of this equation, then you can double it (or then some) because you need two such setups to make use of the "enterprise" feature. Add some more $money if you want to have things like virus checking, content filtering, etc. That is a monumental amount of money for a redundant basic packet filter setup... ISA is very nice, but not that nice.
TOM: Check the price list for ASA, Netscreen and Check Point. ISA pricing is consistent with its main competitors. The problem is that most people can't admit to themselves that the ISA Firewall is as secure, and in many cases, more secure, than their traditional "hardware" firewalls. However, I do agree that the prices for ALL FIREWALLS, including the ISA Firewalll, is too high.

3) But wait, I'm not done with the cost issue yet. Microsoft will charge you $1500 for the "standard" version, $6000 for the "enterprise" version. Say what? The math tells me that I'm paying $4500 for NLB and CARP (and possibly this "feature" of having the configuration Borg'd all over the internal network). $4500 for NLB? $4500 if you want what could best be described as the _ability_ to have a "hot standby" (_ability_ because you'd need to spend the $4500 again on another machine to make a pair). That's NLB? That's CRAP. Somewhere an executive at EMC is laughing knowing that his own Rainconnect is superior and at ~$5Gr is actually _substantially_ cheaper...
TOM: Actually, you're paying for centralized management. Check out the Check Point pricing for this feature set and you'll soon realize that you're saving a TON of money going with the ISA Firewall solution.

4) Since I broached the subject of NLB, let's discuss. Microsoft has wizards for everything. They probably have a wizard to help me make a spiced latte using spices imported from the finest middle east locations, using coffee beans from the highest mountains in Columbia, harvested at just the right time of a full moon night and handled only by vestal virgins. But do they have a wizard to make this multi-thousand dollar NLB option come to life? No. Seriously, you almost have to wave a dead chicken over the servers and hold a seance in order to bring up a fully functioning NLB setup... Unacceptable.
TOM: I don't understand this one. There is a built in wizard and it works for me every time.

5) People still have to go to Microsoft Downloads if they want some of the tools for use with ISA. Just a thought, but why not include them on the disk? Okay, so some people (most maybe) don't use them. Then I guess they never have to directory surf to find them on the ISA disk. It may have saved someone some time and grief of having to find them on Microsoft's site, the whole time thinking about the $6Gr+ it cost and they couldn't be bothered to include them on the CD. Or, and I'm really going out on a limb here, why not make some of them _part_ of ISA? Somewhere, in a cold, dark, executivey room, a collective _WHAT?_ emerges, as flames shoot from the backs of said executives as they muster up a "WHAT DID HE SAY?" in a tone sounding like it was generated from the bowels of a very deep place...
TOM: Now that is a GOOD idea!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to alfalfa6945)
Post #: 2
RE: ISA 200x - 12.Jan.2007 10:52:54 AM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
The reason they don't include them on the disk is that as soon as they're included there, it becomes a supported file from Microsoft, and therefore, must be fixed if there is a problem. I worked in MSFTs PSS for 5 years and this is how they think about the utilities.

If they include it on the microsoft.com website, there's no requirement a problem with the utility must be fixed - it' just like the Windows Resource Kit utilities.

I'm not saying it's right, I'm just saying that's the way it is.

< Message edited by ClintD -- 12.Jan.2007 10:53:57 AM >

(in reply to tshinder)
Post #: 3
RE: ISA 200x - 13.Jan.2007 1:17:24 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Clint,

OK, that does make sense.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to ClintD)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Misc.] >> ISA 2006 Wish List >> ISA 200x Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts