bidders1
asked on
Need an alternative for ISA
I have a 2003 MS Server environment, with an Exchange server for email. We have about 8 users. Many situations have come up where ISA has caused problems, and I would like to get some advice on the best firewall(s) I should be using to make things easier. Please advise!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
RPPreacher, you have probably experienced that not everyone agrees with that view. Especially not in open source.
As there is also a point of view that open source is better - and can be beter hardened - because of the many eyes looking at it. While proprietary systems is the opposite. That's also the reason why most encryption algorithms are very well published.
But I think we are getting out of scope here.
For a small environment it's easy: buy a dedicated hardware solution.
J.
As there is also a point of view that open source is better - and can be beter hardened - because of the many eyes looking at it. While proprietary systems is the opposite. That's also the reason why most encryption algorithms are very well published.
But I think we are getting out of scope here.
For a small environment it's easy: buy a dedicated hardware solution.
J.
Everyone does not agree. That is why I said "I prefer", indicating an opinion.
I am an RHCE and an MCSE so I walk in both worlds (ala Ghost Rider) ;-)
There is uninformed prejudices on both sides.
I am an RHCE and an MCSE so I walk in both worlds (ala Ghost Rider) ;-)
There is uninformed prejudices on both sides.
Great, then we understand eachother.
BTW, CISSP here, so also independent views ;-)
J.
BTW, CISSP here, so also independent views ;-)
J.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Indeed Keith, great response.
We have been focusing on replacing ISA, but never asked what the issues are.
So bidders1, what are those issues?
Technical problems, configuration weaknessess, lack of understanding the product, etc ...
If it's lack of understanding then follow a course with someone like Keith (you don't become MCT overnight!). If you are switching to another product then you'll also have a learning curve.
J.
We have been focusing on replacing ISA, but never asked what the issues are.
So bidders1, what are those issues?
Technical problems, configuration weaknessess, lack of understanding the product, etc ...
If it's lack of understanding then follow a course with someone like Keith (you don't become MCT overnight!). If you are switching to another product then you'll also have a learning curve.
J.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the all of the valuable input. From the earlier comments, I am more or less convinced that I should go with a hardware firewall.
In regards to the problems we've encountered with ISA: both my network administrator and programmer have run until several issues with ISA for which Microsoft Support was unable to resolve. In fact, the network administrator now refuses to install ISA on any of his client's machines. I happen to like Microsoft and do not want to criticize their product, but I have to do what's best for my particular situation. It may be that ISA does a great job for people who have, or can obtain, a thorough understanding of the product, but for a novice like myself, it has been the root of more problems than other firewalls I've used.
In regards to the problems we've encountered with ISA: both my network administrator and programmer have run until several issues with ISA for which Microsoft Support was unable to resolve. In fact, the network administrator now refuses to install ISA on any of his client's machines. I happen to like Microsoft and do not want to criticize their product, but I have to do what's best for my particular situation. It may be that ISA does a great job for people who have, or can obtain, a thorough understanding of the product, but for a novice like myself, it has been the root of more problems than other firewalls I've used.
If you must then so be it; as you say, you have to do what is right for your situation.
In my view the next best product is a Cisco PIX or the newer ASA boxes.
In my view the next best product is a Cisco PIX or the newer ASA boxes.
Thanks :)
ASKER
Could you please provide your opinions on software-based vs. hardware-based firewalls?