• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

isa 2006 or later vs appliance/no proxy

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> isa 2006 or later vs appliance/no proxy Page: [1]
Login
Message << Older Topic   Newer Topic >>
isa 2006 or later vs appliance/no proxy - 7.Feb.2011 3:00:37 PM   
agnetsmith

 

Posts: 9
Joined: 7.Feb.2011
Status: offline
Hello,

We are in the process of upgrading our perimeter firewall and would like to see what is the best option.  I am currently using two x506 tippingpoints at the perimeter, which forward all the traffic to isa 2006 firewalls.  There is no HA or arrays setup, this is the main reason for the upgrade.  Basically a double Nat setup, with port forwarding.

We have one isa for incoming customer traffic, with load balanced T1s (3mb).  The other isa is for user internet access for internal users, with a single 15mb cable connection. 
If we choose not to go with ISA or a proxy, what are the advantages and disadvantages?  Currently all the browsers point to an Isa server/port number and they have the firewall client.


The alternative option is no Isa or proxy, each user has to point to a router as the gateway and dns server that knows the way out. Not all of our users get internet access, we control the internet use by a windows group and that group is added to an Isa rule.


The isa using the 15mb connection has a port mirrored in both directions, to a web filter server.  The web filter server monitors the sites visited, and is able to block based on rules.


Any help would be appreciated.


Thanks
Post #: 1
RE: isa 2006 or later vs appliance/no proxy - 9.Feb.2011 9:48:43 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

if you replace ISA firewall for a router, you have to think about the features you are going to loose, like advanced HTTP and publishing rules inspection, user-based access rules, cache server, VPN granularity.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to agnetsmith)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> isa 2006 or later vs appliance/no proxy Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts