Replacement for ISA 2000
I have a client who has ISA 2000 in place currently. I am decommisioning the server with ISA 2000, and would like some suggestions for a replacement. It is for a small busines of 25 people. Stability of remote access is paramount. I need a solution which will take care of firewall functionality, VPN/remote access and provide a robust and reliable substitue.
I am open to hardware as well as software solutions however in your suggestions bare in mind that this is a small business thus budget is limited.
My goals are to 1.) provide robust and reliable remote access to clients, 2.) Firewall solution for the company which is easy to manage, 3.) Integrate with a windows 2003/2008 envoironment and exchange 2007.
I am open to hardware as well as software solutions however in your suggestions bare in mind that this is a small business thus budget is limited.
My goals are to 1.) provide robust and reliable remote access to clients, 2.) Firewall solution for the company which is easy to manage, 3.) Integrate with a windows 2003/2008 envoironment and exchange 2007.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your swift replies. I have used the draytek's for a good number of years, however they aren't reliable enough especially with VPN's. From the 2600 up to the present 2820's they have always been a bit unreliable relative to ISA.
I have never needed to restart ISA over the last 5 years at this client site due to vpn problems etc, and need something to match that level of stability,
Drawlin, does the sonicwall solution you have suggested require me to install VPN software on remote clients or can clients connect using the windows inbuilt VPN client software
I have never needed to restart ISA over the last 5 years at this client site due to vpn problems etc, and need something to match that level of stability,
Drawlin, does the sonicwall solution you have suggested require me to install VPN software on remote clients or can clients connect using the windows inbuilt VPN client software
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Keith, to be honest I have been perfectly happy with ISA, it was implemented by a previous colleague a good number years ago. because of its stability rather lazily I haven't got round to learning it inside out, but just enough to migrate it and carry out basic administration.
I am looking to decommision the server that it is hosted on and would be deffintley interested in moving towards a 64 bit O/S (already have 64bit win 2003 to host exchange 2007.)
The FTMG option does intrigue me as i rather put in a more modern solution then one that is in its latter days. is it very similar to previous versions of ISA. What differences /advantages/disadvantages are there relative to ISA. Also is there a good amount of resource out there for me to become proficient with the product.
I am looking to decommision the server that it is hosted on and would be deffintley interested in moving towards a 64 bit O/S (already have 64bit win 2003 to host exchange 2007.)
The FTMG option does intrigue me as i rather put in a more modern solution then one that is in its latter days. is it very similar to previous versions of ISA. What differences /advantages/disadvantages are there relative to ISA. Also is there a good amount of resource out there for me to become proficient with the product.
I would highly recommend the Untangle solution... great software package (Super bundle) for what you get, easy to install and easy to manage.
http://www.untangle.com/Super-Bundle
http://www.untangle.com/Super-Bundle
Big advantages. Obviously 64-bit is one of them and that it is EAL4+ accredited like its predecessors unlike some of the 'toy' products that are on the market but ostensibly:
All the stuff that ISA had originally - but not H323 support, that was only in ISA2000.
Full VPN - site and clients, NIS solution (Network Intrusion Signatures), Full publishing of servers now including Sharepoint, full publishing of Exchange 2007 and 2010, stacks of categories pre-built for web content filtering and monitoring (about time they did that) and shedloads more. this is a link to the FTMG (and UAG) homepages
http://technet.microsoft.c
It also provides malware protection but that is subscription based.
keith - ISA Forefront MVP
All the stuff that ISA had originally - but not H323 support, that was only in ISA2000.
Full VPN - site and clients, NIS solution (Network Intrusion Signatures), Full publishing of servers now including Sharepoint, full publishing of Exchange 2007 and 2010, stacks of categories pre-built for web content filtering and monitoring (about time they did that) and shedloads more. this is a link to the FTMG (and UAG) homepages
http://technet.microsoft.c
It also provides malware protection but that is subscription based.
keith - ISA Forefront MVP
+1 for Forefront Edge Security, it work great.
From the news, you can work with two internet connexions : http://technet.microsoft.com/en-us/library/dd897038.aspx
From the news, you can work with two internet connexions : http://technet.microsoft.com/en-us/library/dd897038.aspx
True - just bear in mind that ISP resilience is purely on load-balancing/failover, not on protocol distribution.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
QQuestion closed. Did not resolve the issue but advice useful for moving forward
http://www.cdw.com/shop/products/default.aspx?EDC=1642443
License renwal is about $400 a year and you can also purchase AV/IPS/Anti-spyware license. this will talk to Windows RADIUS services for VPN authentication.