Replacement for ISA 2000

I have a client who has ISA 2000 in place currently. I am decommissioning the server with ISA 2000, and would like some suggestions for a replacement. It is for a small business of 25 people. Stability of remote access is paramount. I need a solution which will take care of firewall functionality, VPN/remote access and provide a robust and reliable substitute.
I am open to hardware as well as software solutions; however, in your suggestions bear in mind that this is a small business, thus budget is limited.
My goals are to 1.) provide robust and reliable remote access to clients, 2.) Firewall solution for the company which is easy to manage, 3.) Integrate with a Windows 2003/2008 environment and Exchange 2007.
Lucid Systems Asked:

farazhkhan Commented:
Hi,

I would suggest you go for a good hardware router/firewall like the DrayTek Vigor ADSL, where you will get everything in one place: you can have its built-in VPN solution for PPTP/L2TP, Internet keyword/URL blocking, inbound/outbound rules; cheap in cost, reliable.

Regards,
Faraz H. Khan
0
drawlin Commented:
These are pretty good and not very expensive.

http://www.cdw.com/shop/products/default.aspx?EDC=1642443

License renewal is about $400 a year and you can also purchase AV/IPS/Anti-spyware license. This will talk to Windows RADIUS services for VPN authentication.
0
Lucid Systems (Author) Commented:
Thanks for your swift replies. I have used the DrayTeks for a good number of years; however, they aren't reliable enough, especially with VPNs. From the 2600 up to the present 2820s they have always been a bit unreliable relative to ISA.
I have never needed to restart ISA over the last 5 years at this client site due to VPN problems etc., and need something to match that level of stability.
Drawlin, does the SonicWall solution you have suggested require me to install VPN software on remote clients, or can clients connect using the Windows inbuilt VPN client software?
0
Keith Alabaster (Enterprise Architect) Commented:
You get what you pay for in this world and ISA Server is still the best firewall/application gateway in the world.
Budget is subjective to what you want to protect - and what the cost might be should security be compromised.

Frankly speaking, if it is just for 25 users or for 25000 users, security is normally the same. If you are happy with ISA, why would you not just replace it with a newer version?
ISA2006 is still in mainstream support for another 18 months or so followed by another 5 years in extended support or you can go for a 64-bit OS and use the new FTMG (ISA2010).

If you just want to go through the motions of security then put a cheap router/firewall in place like a Draytek/Linksys or similar.

keith - ISA Forefront MVP
0

Lucid Systems (Author) Commented:
Thanks Keith, to be honest I have been perfectly happy with ISA; it was implemented by a previous colleague a good number of years ago. Because of its stability, rather lazily I haven't got round to learning it inside out, but just enough to migrate it and carry out basic administration.
I am looking to decommission the server that it is hosted on and would definitely be interested in moving towards a 64-bit O/S (already have 64-bit Win 2003 to host Exchange 2007).
The FTMG option does intrigue me, as I would rather put in a more modern solution than one that is in its latter days. Is it very similar to previous versions of ISA? What differences/advantages/disadvantages are there relative to ISA? Also, is there a good amount of resources out there for me to become proficient with the product?
0
automationstation Commented:
I would highly recommend the Untangle solution... great software package (Super bundle) for what you get, easy to install and easy to manage.

http://www.untangle.com/Super-Bundle
0
Keith Alabaster (Enterprise Architect) Commented:
Big advantages. Obviously 64-bit is one of them and that it is EAL4+ accredited like its predecessors unlike some of the 'toy' products that are on the market but ostensibly:

All the stuff that ISA had originally - but not H323 support, that was only in ISA2000.
Full VPN - site and clients, NIS solution (Network Intrusion Signatures), full publishing of servers now including SharePoint, full publishing of Exchange 2007 and 2010, stacks of categories pre-built for web content filtering and monitoring (about time they did that) and shedloads more. This is a link to the FTMG (and UAG) homepages:
http://technet.microsoft.com/en-gb/forefront/edgesecurity/default.aspx

It also provides malware protection but that is subscription based.

keith - ISA Forefront MVP
0
leakim971 (Pluritechnician) Commented:
+1 for Forefront Edge Security, it works great.

From the news, you can work with two internet connexions: http://technet.microsoft.com/en-us/library/dd897038.aspx
0
Keith Alabaster (Enterprise Architect) Commented:
True - just bear in mind that ISP resilience is purely on load-balancing/failover, not on protocol distribution.
0
drawlin Commented:
I'm not married to a particular product vendor.  As a consultant I've had experience with Cisco, Firebox, Sonicwall, Sidewinder, ISA and Checkpoint.  They are all good and all offer the same features at a competitive price.  Each has a different user interface and brand specific nomenclatures for the objects that you will manage in the firewall/UTM appliance or server.

I have found that the learning curve to setting up these different products (for me) was shortest with the sonicwall device.  

To answer your previous question: yes, the SonicWall will require client software to be loaded, which is why I also installed an SSL-VPN device.
http://www.cdw.com/shop/products/default.aspx?EDC=840099

Hope this helps
0
Lucid Systems (Author) Commented:
Question closed. Did not resolve the issue but advice useful for moving forward.
0