[Webinar] Streamline your web hosting managementRegister Today



Posted on 2010-04-02
Medium Priority
Last Modified: 2012-05-09
Hello, Is ISA 2006 a good enough software firewall to be used as a primary firewall on one of our Internet gateways? We use cisco asa 5505, Smoothwall Advanced software firewall and also a Watchguard x55e series deployed in various roles. I would like to deploy an ISA box to act as a primary firewall but would like confirmation that it will be safe or wise to do so. I have used it in proxy mode and is excellent at filtering out unwanted protocols/traffic etc as well as being great at creating routing policies etc.

How is it as a front line firewall?

Many Thanks, Aelara.
Question by:Aelara

Assisted Solution

Haitham_Kh earned 332 total points
ID: 29485635

According to my experience, it will be a great choice if its configured properly. I recommend it.

LVL 51

Accepted Solution

Keith Alabaster earned 336 total points
ID: 29539923
ISA Server reached EAL4+ accreditation - the highest you can get - before the Cisco PIX and before the Cisco ASA. I don't think the Sonicwwall gained that standard.

Just bear in mind that ISA2006 goes out of mainstream support this year.

ISA Forefront MVP

Assisted Solution

evilsi earned 332 total points
ID: 29847745
ISA 2006 is very good multi-purpose firewall and proxy that integrates well with other MS products.  The only drawbacks are: Its better not to have it as a domain member ( this breaks some functionality but provides much better security) and if you are an ISO270001 accredited organization it can be hard to get it through auditing. (generally Juniper time) Apart from that is a great product but as Keith rightly said its coming to the end of mainstream support.

LVL 51

Expert Comment

by:Keith Alabaster
ID: 29874624
Best practicies are to ensure that ISA server IS a domain member (but not a domain controller) wherever possible.

This is forced home on the Microsoft ISA training courses, and is a fundamental training point when you become an MS trainer or MCT for ISA server.


Author Comment

ID: 29888988
Many thanks for your comments. I'm in the process of introducing an ISA 2006 box as a primary firewall and your comments have helped sort out any doubt i had. When does support for ISA 2006 end? From what i can see mainstream support ends in Jan 2012. Has this changed?

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Suggested Courses

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question