Do I need an additional Firewall in front of ISA / TMG

Dear All,

We have ISA installed on our network to provide access to internet. We have no published servers, we though have remote users to VPN to our network through ISA. So, I would like to know if I need an additional Firewall to protect my network or the current setup is sufficient?
Abid MuhammadIT ManagerAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Abid MuhammadConnect With a Mentor IT ManagerAuthor Commented:
Thanks Guys!

Got the point.

Regards
0
 
Suliman Abu KharroubIT Consultant Commented:
For sure, adding another firewall on front of TMG will add a security layer to your network.

Please reed the following :

http://searchsecurity.techtarget.com/answer/Front-end-back-end-firewalls-vs-chassis-based-firewalls

http://technet.microsoft.com/en-us/library/bb123753(v=exchg.65).aspx
0
 
Neil RussellConnect With a Mentor Technical Development LeadCommented:
Its like asking if you need more than one Lock on your front door.  One lock has it shut and deters the opportunistic burgler for sure. Put another, bigger, lock on and it keeps even more out.

A hardware firewall in addition to ISA/TMG is a very good idea yes.
0
Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

 
DarinTCHConnect With a Mentor Senior CyberSecurity EngineerCommented:
Software firewalls have some vulnerabilities
so do hardware FW

adding the 2 together decreases your exposure

even a low end firewall is a good idea
the hardware can handle much of the crap traffic faster and then less load on the software firewall

ALL THE SOLUTIONS I propose make use of hardware and software security

Security is best when it is layered
0
 
footechCommented:
I'll come in on the other side of this.  I don't disagree that an additional firewall will provide more security.  However, ISA is a very good firewall and in many cases I believe it is sufficient on it's own.  Only by evaluating your security requirements can you answer the question of whether you need another.
0
 
Abid MuhammadIT ManagerAuthor Commented:
Hi!

Thank you all for suggesting / supporting the idea of having an additional firewall, but is it necessary to have one, when you have users for internet and VPN only and no DMZ?
0
 
Neil RussellTechnical Development LeadCommented:
Well that is entirely down to you. IF you want your network to be MORE secure then YES. If your happy to think that ISA is the be all and end all of internet security then no.

Personally I would never and have never recomended any client install ISA directly onto the internet link with no hardware firewall.

You need to define what YOU call "necessary "
0
 
footechCommented:
@Neilsr - Sorry, a bit off topic, but...
Personally I would never and have never recomended any client install ISA directly onto the internet link with no hardware firewall.
Could you explain why that is?  Are there some particular failings of ISA that ward you off, or is it just because it resides on top of Windows?
0
 
Neil RussellConnect With a Mentor Technical Development LeadCommented:
Its because no lock is pick proof so two locks are a far better, more secure, system.

Nothing to do with windows or ISA specifically no.
0
 
Neil RussellConnect With a Mentor Technical Development LeadCommented:
If an exploit is found in ISA you are vulnerable if thats your Only line of defence.
Likewise if you Only have a hardware firewall.

You have both, you now need two exploits at the same time to be compromised.
0
 
Abid MuhammadIT ManagerAuthor Commented:
Got the message
0
All Courses

From novice to tech pro — start learning today.