Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,
I have some doubts about ISA server limits on both editions:
1- How many firewall policies can I create?
2- I know that ISA supports 1.000 simultaneous remote client VPN connections, but how many site-to-site VPNs can it support?
3- How many concurrent firewall connections are supported by ISA server?
Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Tom,
thanks for the reply.
quote:
1. More than you'll create in a lifetime
Can you convert into numbers? You can tell the most you created for a company. Sorry for these questions, just want to find out more about ISA capabilities to compare with those hardware firewalls!!
quote:
3. 65,000+
Is it for both editions? If there are more than that, what happens?
Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Tom,
sorry if I misspelled. But I just want to compare the features and not the security.
I'm doing this because recently I was asked by my director to do a comparison between two hardware firewalls. I'm afraid he wants to put one of those in the company, but I'm truly happy and satisfied with ISA. So, what I'm trying to say is I want to have arguments against some comparison features.
Regards, Paulo Oliveira.
Hi Paulo,
Best thing to do is show that the "hardware" firewalls (there is actually no such thing) are less secure, by showing how many vulnerabilities they have in the Secunia database. ALL "hardware" firewalls have more vulnerabilities, and are less secure, than the ISA firewall (at least as far as I can tell).
Show him those facts and then ask him why a less secure solution is a better solution.
You can scroll through their web sites, and since they bundle some add-ons on their appliances, your boss can get a better picture what a "loaded" ISA 2006 machine can do, for example: http://www.nappliance.com/products/nGatewaymISAE.asp
I think your boss read this:
quote:
The top-of-the-line Cisco ASA 5580-40 offers up to two million simultaneous connections, 750,000 security policies and 10 Gbps of firewall throughput
Not sure what a "security policy" is, but I have seen hardware firewalls that need a couple of firewall policies (or whatever they call them) to achieve what ISA can achieve with a single access rule or publishing rule, so maybe this would be a reason why they need so many rules...
Personally, I've noticed that once you enter the hundreds of rules arena, it becomes painful for the eye and mind.
Regards, J
< Message edited by justmee -- 10.Aug.2008 1:29:20 PM >
Hi Paulo,
The Celestix ones are good. Not sure about nappliance, but personally I would like to get my hands on one of those; they look faster on paper than Celestix, quite a bit faster actually.
Regards, J
Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi J,
yeah, I'd like to have one to do some tests too. I was looking at some screenshots from the Celestix site and it seems extremely easy to manage and configure!
Hope someone here on the site has already "played" with it and can tell us about the experience.
The setup is very easy and can be done with the Web interface or the jog-dial in front of the unit. Disaster recovery is a breeze, and you don't even lose your firewall rules, or you can go back to factory settings and use the backup you created with Backup for ISA Server. :)
Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Tom,
so, I'm assuming you have already tested it. That's great to know. As I said before, I saw the screenshots and the configuration seems like a piece of cake!
One more question about ISA performance. How many users do you recommend for the Standard and Enterprise Editions? I mean, a company that has 10-150 users = Standard; 150-3000 users = Enterprise
Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
It's not just about user numbers...there are lots of reasons to use EE even if you have 10 users if certain factors are important to you. Two obvious ones are high-availability and centralised management.
EE will scale more, and hence be better for more users, mainly because you can add more servers and appear as one "logical ISA Server".
Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Jason,
thanks for the reply. I'm not very familiar with ISA EE, but I know some of its features. I actually use an ISA SE with 40 users and I was wondering if ISA SE will be enough for a company with 150 or 200 users, or if EE will be better (not talking about maintenance, but capacity).
Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
In my experience SE is more than capable of providing enough capacity for 150-200 users. I don't think I would be surprised to see a well spec'd server running SE for 1000 users or even more TBH.
However if you want high availability, scalability or centralised management then an upgrade to EE is a sensible approach.