• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Roll up discussion link for posts up to 11-18-2005

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Misc.] >> Tom's ISA Firewall Blog Discussion >> Roll up discussion link for posts up to 11-18-2005 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Roll up discussion link for posts up to 11-18-2005 - 13.Nov.2005 7:35:15 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Post #: 1
RE: Roll up discussion link for posts up to 11-18-2005 - 18.Nov.2005 3:37:10 PM   
JakinH

 

Posts: 13
Joined: 2.Nov.2005
From: Wisconsin
Status: offline
lol, comparing ISA server to a firewall that runs off of a CD.  I really hope that ISA would win.  Although monowall has a leg up when it comes to traffic shaping.  Microsoft should really take a closer look at that.

I'd really be interested in a comparison of ISA vs. Checkpoint or some other mature firewall.

(in reply to tshinder)
Post #: 2
RE: Roll up discussion link for posts up to 11-18-2005 - 18.Nov.2005 4:52:43 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jakin,

The ISA firewall is EAL4+ certified. I'd say that makes it pretty darned mature. Also, like all other mature firewalls, there are NO DOCUMENTED incidents where the ISA firewall, when properly configured has been compromised. You just can't say that about the big player in the market, but you can say that about the ISA firewall. Ha!

We've also included a comprehensive comparitive analysis in chapter 3 of the book, although its a bit out of date.

I agree, the ISA firewall falls down on traffic shaping, which is something they really need to fix, but Moonwall falls down on security, but I admit, is a darned good router oriented firewall.

Thanks!
Tom

< Message edited by tshinder -- 18.Nov.2005 4:56:23 PM >


_____________________________

Thomas W Shinder, M.D.

(in reply to JakinH)
Post #: 3
RE: Roll up discussion link for posts up to 11-18-2005 - 21.Nov.2005 9:43:52 PM   
thejun

 

Posts: 109
Joined: 21.Jan.2002
Status: offline
The BITS is going to be nice, a good feature to add.
The only 2 times I have had to reboot ISA is when our CISCO switches were rebooted. 
for some reason it locked up the NIC somehow, which might be a 2003 server issue, not an ISA issue.

The only 3 problems I wished fixed for 2006 is better ftp functionality, and a destination set wizard.
for example, if i added a rule for cnn.com, the wizard should pull all the additional url's and ask me if I want to add them or not.
Or make the connectivity verifier better....
I use cyfin for reporting, but ISA should integrate some better reporting...

And I agree, ISA Firewall I think slightly better than same-class firewalls, for the sole fact that It can easily record gigabytes of logs.
and for auditing, this is great.

I have been using ISA since its inception, a VERY reliable and great Firewall!!

(in reply to tshinder)
Post #: 4
RE: Roll up discussion link for posts up to 11-18-2005 - 22.Nov.2005 5:11:07 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: thejun

The BITS is going to be nice, a good feature to add.
The only 2 times I have had to reboot ISA is when our CISCO switches were rebooted. 
for some reason it locked up the NIC somehow, which might be a 2003 server issue, not an ISA issue.

The only 3 problems I wished fixed for 2006 is better ftp functionality, and a destination set wizard.
for example, if i added a rule for cnn.com, the wizard should pull all the additional url's and ask me if I want to add them or not.
Or make the connectivity verifier better....
I use cyfin for reporting, but ISA should integrate some better reporting...

And I agree, ISA Firewall I think slightly better than same-class firewalls, for the sole fact that It can easily record gigabytes of logs.
and for auditing, this is great.

I have been using ISA since its inception, a VERY reliable and great Firewall!!

Hi Thejun,
You bet! The BITS stuff is going to really speed things up in a number of scenarios.
I hear you re: FTP. The only solice I have is that all firewalls have some type of problems with FTP -- its a horrid protocol and it seems like each firewall vendor messes it up in some way :)
I definitely agree regarding a wizard to simplify importing entries into the network objects, there's no reason why they can't do that.
ISA report should definitley include a method to at least drill down on reports for specific users.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to thejun)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Misc.] >> Tom's ISA Firewall Blog Discussion >> Roll up discussion link for posts up to 11-18-2005 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts