Do I need an additional Firewall in front of ISA / TMG
Dear All,
We have ISA installed on our network to provide access to internet. We have no published servers, we though have remote users to VPN to our network through ISA. So, I would like to know if I need an additional Firewall to protect my network or the current setup is sufficient?
We have ISA installed on our network to provide access to internet. We have no published servers, we though have remote users to VPN to our network through ISA. So, I would like to know if I need an additional Firewall to protect my network or the current setup is sufficient?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'll come in on the other side of this. I don't disagree that an additional firewall will provide more security. However, ISA is a very good firewall and in many cases I believe it is sufficient on it's own. Only by evaluating your security requirements can you answer the question of whether you need another.
ASKER
Hi!
Thank you all for suggesting / supporting the idea of having an additional firewall, but is it necessary to have one, when you have users for internet and VPN only and no DMZ?
Thank you all for suggesting / supporting the idea of having an additional firewall, but is it necessary to have one, when you have users for internet and VPN only and no DMZ?
Well that is entirely down to you. IF you want your network to be MORE secure then YES. If your happy to think that ISA is the be all and end all of internet security then no.
Personally I would never and have never recomended any client install ISA directly onto the internet link with no hardware firewall.
You need to define what YOU call "necessary "
Personally I would never and have never recomended any client install ISA directly onto the internet link with no hardware firewall.
You need to define what YOU call "necessary "
@Neilsr - Sorry, a bit off topic, but...
Personally I would never and have never recomended any client install ISA directly onto the internet link with no hardware firewall.Could you explain why that is? Are there some particular failings of ISA that ward you off, or is it just because it resides on top of Windows?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Got the message
Please reed the following :
http://searchsecurity.techtarget.com/answer/Front-end-back-end-firewalls-vs-chassis-based-firewalls
http://technet.microsoft.com/en-us/library/bb123753(v=exchg.65).aspx