• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Comparison: WinRoute Pro & ISA Server [LONG] - Need your thoughts...

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> Comparison: WinRoute Pro & ISA Server [LONG] - Need your thoughts... Page: [1]
Login
Message << Older Topic   Newer Topic >>
Comparison: WinRoute Pro & ISA Server [LONG] - Need you... - 18.Jun.2001 10:26:00 PM   
*Bobby*Digital*

 

Posts: 1
Joined: 18.Jun.2001
Status: offline
Hi there,

This is my first post to the ISAServer.org forums, so please bear with me .

I was wondering if anyone has any experience with Tiny Software's WinRoute Pro as a firewall/web cache server, and then has switched to using ISA Server.

I'm currently using WinRoute, and it's an absolutely superb product that is small, fast and VERY configurable (running as a NAT).

One of the specific features that I really like is the ability to filter traffic based on IP address. For example, I have Terminal Services installed on my Win2K Adv. Server that is running WinRoute Pro. To access it from a remote location, I added the remote location's IP to a list of 'Allowable' IP's. If the incoming packet to the destination does not match the 'Allowable' IP address filter, the packet is dropped and the connection is prevented. In this way, I can specifically determine which IP's have access to my network, and which do not. Now you might say that the source IP can be spoofed, and access gained, but the 'Allowable' IP's list isn't public (obviously ), and so that isn't really an issue.

Another favourite feature of mine is the Port Mapping feature. I can map any port to allow traffic through the Firewall to any defined client on the internal network. This works hand-in-hand with the 'Allowable' IP's filter that I have set, meaning that I can run server-applications such as WinVNC server on my Win2K Pro clients behind the Firewall, and only allow access to those clients from a predefined set of remote IP's.

I also don't have to specify which applications are allowed to connect to the Internet. Any communication initiated behind the firewall is automatically allowed through, while any communication attempting to connect to my network, that is outside the range of allowed IP's, is denied.

I can also remotely administer WinRoute (from the Internet or LAN) with a tiny (~800kb) application, that is the same one used on the server running WinRoute.

Some other features:
*has a web cache that you can configure to use various parameter for, such as file size cached, TTL, site-specific TTL, etc.
*has a mini-DNS forwarder built-in that forwards DNS queries that are known to the system (the one's assigned to your external interface through DHCP)
*has a mini-DHCP that provides clients with IP information including Default Gateway, DNS Server, Domain Name, Lease Time, and WINS Server based on a scope that you define
*built-in mail server (I'm not using it, so can't comment on it)
*can operate completely in stealth mode (invisible to the Internet, but fully functional)
*various other features too numerous to mention

WinRoute is completely secure (if setup right), and allows me the flexibility that I need in order to run applications without worrying about doing additional administration. It's completely transparent to end users, and I don't have to install any additional software on the client for it to work.

Some things I don't like:
*logs are not easy to read, but very detailed (which is good)
*not sure about its compatibility with Active Directory
*no reporting features
*interface needs a facelift and/or update
*a few minor issues that I can't remember right now

So, my questions are:

1) Has anybody had experience with both WinRoute Pro, and ISA Server, and have any thoughts on what pros and cons there are to either or both?
2) What requirements are there to running ISA? (I currently am using WinRoute's built-in DHCP, and DNS Forwarder) Do I need to configure DNS Server, DHCP Server, and/or any other servers in order to seamlessly use ISA?
3) Can I filter incoming connections by IP address like I can with WinRoute Pro?
4) How easy is ISA to set up? WinRoute did NOT take me very long to set up at all.
5) Will I have to micromanage ISA (as in specifically define what applications can and can't access the net and/or various ports)?
6) Is there a steep learning curve to ISA?
7) What exactly is the difference between SecureNAT and a Firewall client? When does one need to use SNAT, and when is the Firewall client used instead? Sorry if this is a stupid question, but I couldn't find any concrete info on this.

My setup:

*Windows 2000 Advanced Server running WinRoute Pro, WINS Server, Norton Corporate AV, VPN Server on a small LAN

Any thought or ideas you might have will be greatly appreciated!

Keep in mind I'm looking at durability, ease of use, flexibility, and manageability issues.

If anyone wants to try WinRoute Pro for themselves, you can download a 30 day eval from their site at: www.tinysoftware.com

Thanks in advance!

*Bobby*Digital*

PS: Thanks to Tom and Deb for providing a great web site with loads of USEFUL information that I'll be sure to use in the future (if I use ISA that is )!

[This message has been edited by *Bobby*Digital* (edited 18 June 2001).]

Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> Comparison: WinRoute Pro & ISA Server [LONG] - Need your thoughts... Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts