Solved

ISA 2006 & Cisco FireWall

Posted on 2011-02-16
2
393 Views
Last Modified: 2013-11-16
Hi guys,
Any one assist me what the different between ISA2006 and Cisco Firewall? And which one it’s better for security internet
0
Comment
Question by:Mabr0
2 Comments
 
LVL 18

Assisted Solution

by:jmeggers
jmeggers earned 125 total points
ID: 34908986
I don't know all that much about ISA so can't make a direct comparison, but I don't think it's a firewall designed to keep undesired traffic from entering the perimeter.  I think it's more of an outbound proxy for URL filtering, etc.  Please feel free to correct me if I'm wrong.

The Cisco ASA is a stateful firewall with a number of layer-7 application inspections, VPN termination including IPSec and SSL, remote access and site-to-site, does phone proxy for encrypted IP phone connections from the outside, can be used with a content or IPS module, and has a number of other features.  
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 125 total points
ID: 34910298
From a security perspective they are both the same. Although ISA got there a head of Cisco, both have EAL4+ accreditiation - the highest you can get. Neither have been hacked - or reported as hacked, unless it was by miscofiguration. Both can handle traffic from layer 3 upwards to layer 7.

The main differences - for me at least are:

ISA does more. By this I mean ISA is not only a damn fine firewall but it was designed as an application gateway and a forward and reverse proxy - in the true sense. It has application and web filters built in and supports definitions for near as damn it every protocol defintion you can imagine.

Cisco does it quicker. The original PIX and then the ASA is hardware based and chunders through traffic faster than anything I have seen - and i have seen a lot of firewalls, appliances, gateways and proxies.

ISA does not do proxy for phones because it cannot understand SIP traffic. It can be made to work but this is not its main area by leveraging other realated services such as activesync, OWA, OMA etc.

Keith - ISA & TMG MVP
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question