Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 618
  • Last Modified:

Replacement for ISA 2000

I have a client who has ISA 2000 in place currently.  I am decommisioning the server with ISA 2000, and would like some suggestions for a replacement.  It is for a small busines of 25 people. Stability of remote access is paramount.  I need a solution which will take care of firewall functionality, VPN/remote access and provide a robust and reliable substitue.
I am open to hardware as well as software solutions however in your suggestions bare in mind that this is a small business thus budget is limited.
My goals are to 1.) provide robust and reliable remote access to clients, 2.) Firewall solution for the company which is easy to manage, 3.) Integrate with a windows 2003/2008 envoironment and exchange 2007.
0
Hirenc
Asked:
Hirenc
  • 3
  • 3
  • 2
  • +3
3 Solutions
 
farazhkhanCommented:
Hi,

I would suggest you to go for a good hardware router/firewall like draytek vigor ADSL where you will get all in one place, like you can have it's built in VPN solution for PPTP/L2TP, Internet keyword/URL blocking, Inbound/Outbound rules, cheap in cost, reliable.

Regards,
Faraz H. Khan
0
 
drawlinCommented:
These are pretty good and not very expensive.

http://www.cdw.com/shop/products/default.aspx?EDC=1642443

License renwal is about $400 a year and you can also purchase AV/IPS/Anti-spyware license.  this will talk to Windows RADIUS services for VPN authentication.  
0
 
HirencAuthor Commented:
Thanks for your swift replies. I have used the draytek's for a good number of years, however they aren't reliable enough especially with VPN's.  From the 2600 up to the present 2820's they have always been a bit unreliable relative to ISA.  
I have never needed to restart ISA over the last 5 years at this client site due to vpn problems etc, and need something to match that level of stability,  
Drawlin, does the sonicwall solution you have suggested require me to install VPN software on remote clients or can clients connect using the windows inbuilt VPN client software
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Keith AlabasterEnterprise ArchitectCommented:
You get what you pay for in this world and ISA Server is still the best firewall/application gateway in the world.
Budget is subjective to what you want to protect - and what the cost might be should security be compromised.

Frankly speaking, if it is just for 25 users or for 25000 users, security is normally the same. if you are happy with ISA, why would you not just replace it with a newer version?
ISA2006 is still in mainstream support for another 18 months or so followed by another 5 years in extended support or you can go for a 64-bit OS and use the new FTMG (ISA2010).

If you just want to go through the motions of security then put a cheap router/firewall in place like a Draytek/Linksys or similar.

keith - ISA Forefront MVP
0
 
HirencAuthor Commented:
Thanks Keith, to be honest I have been perfectly happy with ISA, it was implemented by a previous colleague a good number years ago.  because of its stability rather lazily I haven't got round to learning it inside out, but just enough to migrate it and carry out basic administration.  
I am looking to decommision the server that it is hosted on and would be deffintley interested in moving towards a 64 bit O/S (already have 64bit win 2003 to host exchange 2007.)  
The FTMG option does intrigue me as i rather put in a more modern solution then one that is in its latter days.  is it very similar to previous versions of ISA.  What differences /advantages/disadvantages are there relative to ISA.  Also is there a good amount of resource out there for me to become proficient with the product.
0
 
automationstationCommented:
I would highly recommend the Untangle solution... great software package (Super bundle) for what you get, easy to install and easy to manage.

http://www.untangle.com/Super-Bundle
0
 
Keith AlabasterEnterprise ArchitectCommented:
Big advantages. Obviously 64-bit is one of them and that it is EAL4+ accredited like its predecessors unlike some of the 'toy' products that are on the market but ostensibly:

All the stuff that ISA had originally - but not H323 support, that was only in ISA2000.
Full VPN - site and clients, NIS solution (Network Intrusion Signatures), Full publishing of servers now including Sharepoint, full publishing of Exchange 2007 and 2010, stacks of categories pre-built for web content filtering and monitoring (about time they did that) and shedloads more. this is a link to the FTMG (and UAG) homepages
http://technet.microsoft.com/en-gb/forefront/edgesecurity/default.aspx

It also provides malware protection but that is subscription based.

keith - ISA Forefront MVP
0
 
leakim971PluritechnicianCommented:
+1 for Forefront Edge Security, it work great.

From the news, you can work with two internet connexions : http://technet.microsoft.com/en-us/library/dd897038.aspx
0
 
Keith AlabasterEnterprise ArchitectCommented:
True - just bear in mind that ISP resilience is purely on load-balancing/failover, not on protocol distribution.
0
 
drawlinCommented:
I'm not married to a particular product vendor.  As a consultant I've had experience with Cisco, Firebox, Sonicwall, Sidewinder, ISA and Checkpoint.  They are all good and all offer the same features at a competitive price.  Each has a different user interface and brand specific nomenclatures for the objects that you will manage in the firewall/UTM appliance or server.

I have found that the learning curve to setting up these different products (for me) was shortest with the sonicwall device.  

To answer your prievious question, Yes, the sonicwall will require a client software to be loaded; which is why I also installed a ssl-vpn device.  
http://www.cdw.com/shop/products/default.aspx?EDC=840099

Hope this helps
0
 
HirencAuthor Commented:
QQuestion closed.  Did not resolve the issue but advice useful for moving forward
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

  • 3
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now