lol, comparing ISA server to a firewall that runs off of a CD. I really hope that ISA would win. Although monowall has a leg up when it comes to traffic shaping. Microsoft should really take a closer look at that.
I'd really be interested in a comparison of ISA vs. Checkpoint or some other mature firewall.
The ISA firewall is EAL4+ certified. I'd say that makes it pretty darned mature. Also, like all other mature firewalls, there are NO DOCUMENTED incidents where the ISA firewall, when properly configured, has been compromised. You just can't say that about the big player in the market, but you can say that about the ISA firewall. Ha!
We've also included a comprehensive comparative analysis in chapter 3 of the book, although it's a bit out of date.
I agree, the ISA firewall falls down on traffic shaping, which is something they really need to fix, but Moonwall falls down on security, but I admit, is a darned good router oriented firewall.
Thanks! Tom
< Message edited by tshinder -- 18.Nov.2005 4:56:23 PM >
The BITS is going to be nice, a good feature to add. The only 2 times I have had to reboot ISA is when our Cisco switches were rebooted. For some reason it locked up the NIC somehow, which might be a 2003 server issue, not an ISA issue.
The only 3 problems I wish were fixed for 2006 are better FTP functionality, and a destination set wizard. For example, if I added a rule for cnn.com, the wizard should pull all the additional URLs and ask me if I want to add them or not. Or make the connectivity verifier better.... I use cyfin for reporting, but ISA should integrate some better reporting...
And I agree, ISA Firewall I think is slightly better than same-class firewalls, for the sole fact that it can easily record gigabytes of logs. And for auditing, this is great.
I have been using ISA since its inception, a VERY reliable and great Firewall!!
Hi Thejun, You bet! The BITS stuff is going to really speed things up in a number of scenarios. I hear you re: FTP. The only solace I have is that all firewalls have some type of problems with FTP -- it's a horrid protocol and it seems like each firewall vendor messes it up in some way :) I definitely agree regarding a wizard to simplify importing entries into the network objects, there's no reason why they can't do that. ISA report should definitely include a method to at least drill down on reports for specific users.