?
Solved

Replacement for ISA 2000

Posted on 2010-01-10
11
Medium Priority
?
613 Views
Last Modified: 2012-05-08
I have a client who has ISA 2000 in place currently.  I am decommisioning the server with ISA 2000, and would like some suggestions for a replacement.  It is for a small busines of 25 people. Stability of remote access is paramount.  I need a solution which will take care of firewall functionality, VPN/remote access and provide a robust and reliable substitue.
I am open to hardware as well as software solutions however in your suggestions bare in mind that this is a small business thus budget is limited.
My goals are to 1.) provide robust and reliable remote access to clients, 2.) Firewall solution for the company which is easy to manage, 3.) Integrate with a windows 2003/2008 envoironment and exchange 2007.
0
Comment
Question by:Hirenc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +3
11 Comments
 
LVL 21

Assisted Solution

by:farazhkhan
farazhkhan earned 200 total points
ID: 26278762
Hi,

I would suggest you to go for a good hardware router/firewall like draytek vigor ADSL where you will get all in one place, like you can have it's built in VPN solution for PPTP/L2TP, Internet keyword/URL blocking, Inbound/Outbound rules, cheap in cost, reliable.

Regards,
Faraz H. Khan
0
 
LVL 5

Expert Comment

by:drawlin
ID: 26278784
These are pretty good and not very expensive.

http://www.cdw.com/shop/products/default.aspx?EDC=1642443

License renwal is about $400 a year and you can also purchase AV/IPS/Anti-spyware license.  this will talk to Windows RADIUS services for VPN authentication.  
0
 
LVL 1

Author Comment

by:Hirenc
ID: 26278949
Thanks for your swift replies. I have used the draytek's for a good number of years, however they aren't reliable enough especially with VPN's.  From the 2600 up to the present 2820's they have always been a bit unreliable relative to ISA.  
I have never needed to restart ISA over the last 5 years at this client site due to vpn problems etc, and need something to match that level of stability,  
Drawlin, does the sonicwall solution you have suggested require me to install VPN software on remote clients or can clients connect using the windows inbuilt VPN client software
0
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 26279122
You get what you pay for in this world and ISA Server is still the best firewall/application gateway in the world.
Budget is subjective to what you want to protect - and what the cost might be should security be compromised.

Frankly speaking, if it is just for 25 users or for 25000 users, security is normally the same. if you are happy with ISA, why would you not just replace it with a newer version?
ISA2006 is still in mainstream support for another 18 months or so followed by another 5 years in extended support or you can go for a 64-bit OS and use the new FTMG (ISA2010).

If you just want to go through the motions of security then put a cheap router/firewall in place like a Draytek/Linksys or similar.

keith - ISA Forefront MVP
0
 
LVL 1

Author Comment

by:Hirenc
ID: 26279171
Thanks Keith, to be honest I have been perfectly happy with ISA, it was implemented by a previous colleague a good number years ago.  because of its stability rather lazily I haven't got round to learning it inside out, but just enough to migrate it and carry out basic administration.  
I am looking to decommision the server that it is hosted on and would be deffintley interested in moving towards a 64 bit O/S (already have 64bit win 2003 to host exchange 2007.)  
The FTMG option does intrigue me as i rather put in a more modern solution then one that is in its latter days.  is it very similar to previous versions of ISA.  What differences /advantages/disadvantages are there relative to ISA.  Also is there a good amount of resource out there for me to become proficient with the product.
0
 
LVL 6

Expert Comment

by:automationstation
ID: 26279356
I would highly recommend the Untangle solution... great software package (Super bundle) for what you get, easy to install and easy to manage.

http://www.untangle.com/Super-Bundle
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 26279755
Big advantages. Obviously 64-bit is one of them and that it is EAL4+ accredited like its predecessors unlike some of the 'toy' products that are on the market but ostensibly:

All the stuff that ISA had originally - but not H323 support, that was only in ISA2000.
Full VPN - site and clients, NIS solution (Network Intrusion Signatures), Full publishing of servers now including Sharepoint, full publishing of Exchange 2007 and 2010, stacks of categories pre-built for web content filtering and monitoring (about time they did that) and shedloads more. this is a link to the FTMG (and UAG) homepages
http://technet.microsoft.com/en-gb/forefront/edgesecurity/default.aspx

It also provides malware protection but that is subscription based.

keith - ISA Forefront MVP
0
 
LVL 82

Expert Comment

by:leakim971
ID: 26280366
+1 for Forefront Edge Security, it work great.

From the news, you can work with two internet connexions : http://technet.microsoft.com/en-us/library/dd897038.aspx
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 26281027
True - just bear in mind that ISP resilience is purely on load-balancing/failover, not on protocol distribution.
0
 
LVL 5

Assisted Solution

by:drawlin
drawlin earned 300 total points
ID: 26290493
I'm not married to a particular product vendor.  As a consultant I've had experience with Cisco, Firebox, Sonicwall, Sidewinder, ISA and Checkpoint.  They are all good and all offer the same features at a competitive price.  Each has a different user interface and brand specific nomenclatures for the objects that you will manage in the firewall/UTM appliance or server.

I have found that the learning curve to setting up these different products (for me) was shortest with the sonicwall device.  

To answer your prievious question, Yes, the sonicwall will require a client software to be loaded; which is why I also installed a ssl-vpn device.  
http://www.cdw.com/shop/products/default.aspx?EDC=840099

Hope this helps
0
 
LVL 1

Author Closing Comment

by:Hirenc
ID: 31675229
QQuestion closed.  Did not resolve the issue but advice useful for moving forward
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question