I see, in my opinion, some ISA allusions in the above post and I "feel" the need to "correct" them.
I would suggest you to read more carefully before posting, and to think after you read before you post, as you are missing quite a few details of the entire conversation.
If you take the phrases out of context and interpret them the way you want or so, obviously they will sound the way you want(for you and some), poorly at best for others.
First, both the people you mention in your post, already made clear statements within this thread(and not only) of their preferences, and you didn't do so within this thread, so who's biased, or at least what are you trying to say ?
Last time I've checked, Cisco was not a leader in the enterprise network firewalls arena(I'm not speaking from the market shares point of view), the leaders were Check Point and Juniper, with Secure Computing in the back offering some "special" things, although Cisco has a big market share(of course if you can understand that the two things are quite different).
If you wanted to be more accurate or whatever, you could mention that Cisco added over the time new features to their SSL VPN, and point the specific documents per ASA's versions(that's kids' stuff). Searching through time, although this is an ISA forum, just for the sake of the conversation:
Mapping Features from the VPN 3000 Concentrators to ASA
Configurable, available on all models. Offers features available on the latest Release 4.7 VPN 3000 Concentrator sustaining release, including:
•SSL VPN Client
•Cisco Secure Desktop
•Support for WebVPN is equivalent to that available on the VPN 3000 Series Concentrator Release 4.1.7.
•WebVPN is not available on PIX hardware.
Please tell me, where was the new "design" within the two bellow links, at that time, eh ?
Cisco firewalls are known to have the highest rates of product vulnerabilities in comparison with competitors, so is there anything great in getting p0wned when you deploy something specific for actually not getting p0wned ?
Cisco may offer the highest price per Gbps for their firewalls, quite unjustified since "this Gbps is far from being the most secure".
And yes, we can compare ISA with anything, and we are free to do so, as long as we have and bring arguments, arguments which clearly your post is lacking of. Anyway and anyhow, this is an ISA *orientated* web site, and politely said, I'm afraid I do not understand the nature of your comments....
ASA indeed offers more features over ISA, due to Microsoft's failure to add new features to ISA, new features that were actually very needed and desired. This aspect was discussed and acknowledged(directly or indirectly) all over and over around these forums.
However, almost none of the numerous ASA's features, are exactly impressive or shiny.
Now, to flame it a little bit, tell us with what "application proxy"(or so) is ASA often backed, because, as Marcus Ranum said in a reply to a Cisco fanboy:
>Most implementations of stateful firewalls are backed up by application proxies on the most popular protocols such as HTTP and FTP.
Yeah, because they suck. :)
< Message edited by adimcev -- 30.Jan.2009 11:42:54 AM >
Get Our ISA 2006 Book!: http://tinyurl.com/2gpoo8