Discussion about article on why to upgrade to the 2004 ISA Firewall (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> General



Message


tshinder -> Discussion about article on why to upgrade to the 2004 ISA Firewall (6.Nov.2004 9:52:00 PM)

This thread is for discussing the reasons for upgrading to the 2004 ISA Firewall at http://isaserver.org/articles/why_upgrade.html.

Thanks!
Tom

[ November 06, 2004, 10:01 PM: Message edited by: tshinder ]




Ara.A -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (6.Nov.2004 10:42:00 PM)

Thanks [Big Grin]




Guest -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (7.Nov.2004 12:17:00 AM)

Why don't you explain us how to upgrade ISA2000SP2/Windows2000SP4 to ISA2004/Win2k3?
Tnx




Ara.A -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (7.Nov.2004 12:18:00 AM)

Backup your isa configuration. Update the windows. Then run upgrade wizard from isa cd. [Big Grin]
http://www.microsoft.com/technet/community/chats/trans/isa/isa_090104.mspx

[ November 07, 2004, 12:20 AM: Message edited by: Ara ]




tshinder -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (7.Nov.2004 1:31:00 PM)

quote:
Originally posted by <Vico>:
Why don't you explain us how to upgrade ISA2000SP2/Windows2000SP4 to ISA2004/Win2k3?
Tnx

Hi Vico,

1. Document your config
2. Uninstall ISA 2000
3. Learn how ISA 2004 works
4. Install ISA 2004
5. Recreate your config

That's how I do it.

HTH,
Tom




rpalnik -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (7.Nov.2004 2:17:00 PM)

"The new ISA firewall allows you to choose between using the IP address on the internal interface of the ISA firewall or the original remote hostĘs IP address."

I wasn't able to use the SMTP filter in ISA2000 because it broke RDNS in my spam filter. Does this mean that RDNS will now work in ISA2004?




tshinder -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (7.Nov.2004 2:27:00 PM)

Hi R,

Why are you using reverse DNS lookups??? We never recommend those because of the illicit nature of those who keep the databases.

However, if you choose this method (which we highly recommend AGAINST), the ISA firewall certainly won't interfere with it.

HTH,
Tom

[ November 07, 2004, 02:27 PM: Message edited by: tshinder ]




dfry -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (12.Nov.2004 9:04:00 PM)

Tom, If we decide to upgrade to 2004 will it retain my OWA site that I currently have set up using forms based? Will it also retain all of my site and content rules, protocol rules and my destination sets.




msnider -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (19.Nov.2004 4:11:00 PM)

We have ISA 2000 runing with Websense filtering on a box but need to get the config files to a new box running ISA 2004. What is the best way to do this?




brianp -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (19.Nov.2004 7:23:00 PM)

thanks for the article Tom. OK, i'm sold. Now it's time to invest in learning ISA 2004. One question though...what's the best way to do that (other than buying your '04 book..which is a given)? ... Since my small company lacks a lot of servers, i would like to setup a virtual lab (with ms virtual server 05?), on a single server to test the configuration. Is this the best way to approach this? I've never used virtual server technology before. But we just don't have enough $$ to purchase hardware to duplicate our production environment. What are the server hardware requirements to do this? Can you or anybody give me some guidance here?




ferrp -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (21.Nov.2004 3:34:00 AM)

quote:
Originally posted by brianp:
thanks for the article Tom. OK, i'm sold. Now it's time to invest in learning ISA 2004. One question though...what's the best way to do that (other than buying your '04 book..which is a given)? ... Since my small company lacks a lot of servers, i would like to setup a virtual lab (with ms virtual server 05?), on a single server to test the configuration. Is this the best way to approach this? I've never used virtual server technology before. But we just don't have enough $$ to purchase hardware to duplicate our production environment. What are the server hardware requirements to do this? Can you or anybody give me some guidance here?

This is exactly how I did it at my company and at home. Virtual technology really is the greatest thing since sliced bread. The flexibility in networking will allow you to put an ISA box up and clients on either side. You will want some pretty decent hardware or else you'll get frustrated at the VM's performance. Most important is memory, then processor. If you are just using virtual server for testing, you can get away with a high end workstation. I would recommend at least a P4 3.0 if not xeon. And again, memory is your friend. Give your vm's as much memory as you would if the machine was physical (leaving enough for the virtual host as well). You'll also want a good disk subsystem like scsi or SATA w/WD raptor disks if price is a concern




tshinder -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (21.Nov.2004 5:02:00 PM)

quote:
Originally posted by dfry:
Tom, If we decide to upgrade to 2004 will it retain my OWA site that I currently have set up using forms based? Will it also retain all of my site and content rules, protocol rules and my destination sets.

Hi Dfry,

I wouldn't do an in place upgrade. I'd doc out the current config and replicate it. There are many many things you need to take into consideration when using the upgrade tool and a high probability for surprizes.

HTH,
Tom




tshinder -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (21.Nov.2004 5:03:00 PM)

quote:
Originally posted by msnider:
We have ISA 2000 runing with Websense filtering on a box but need to get the config files to a new box running ISA 2004. What is the best way to do this?

Hi M,

I'd ask Websense about that.

HTH,
Tom




tshinder -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (21.Nov.2004 5:06:00 PM)

quote:
Originally posted by brianp:
thanks for the article Tom. OK, i'm sold. Now it's time to invest in learning ISA 2004. One question though...what's the best way to do that (other than buying your '04 book..which is a given)? ... Since my small company lacks a lot of servers, i would like to setup a virtual lab (with ms virtual server 05?), on a single server to test the configuration. Is this the best way to approach this? I've never used virtual server technology before. But we just don't have enough $$ to purchase hardware to duplicate our production environment. What are the server hardware requirements to do this? Can you or anybody give me some guidance here?

Hi Brian,

You can use VMware to create a nice VM lab to test the configs and learn how the ISA firewall works.

A great place to start is with the ISA kits. Check 'em out at:

http://www.microsoft.com/isaserver/techinfo/guidance/2004/configuration.asp

HTH,
Tom




xdakotakid -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (23.Nov.2004 8:00:00 PM)

So what is your recommendation if you are running 2000 Enterprise, install 2004 Std and upgrade to 2004 Ent when it ships? Wait?




msnider -> RE: Discussion about article on why to upgrade to the 2004 ISA Firewall (24.Nov.2004 10:29:00 PM)

I have talked to Websense. They said to do an inplace upgrade to Websense 5.5 then copy files to the new box with ISA 2004 and Websense 5.5. Should I also do and upgrade on the ISA 2000 to 2004 then save the .xml file




Page: [1]