We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
7 days, 20 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Do I need an additional Firewall in front of ISA / TMG
Posted on 2013-01-01
Dear All,
We have ISA installed on our network to provide access to internet. We have no published servers, we though have remote users to VPN to our network through ISA. So, I would like to know if I need an additional Firewall to protect my network or the current setup is sufficient?
We have ISA installed on our network to provide access to internet. We have no published servers, we though have remote users to VPN to our network through ISA. So, I would like to know if I need an additional Firewall to protect my network or the current setup is sufficient?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4-
3
2- +2
11 Comments
Active 3 days ago
For sure, adding another firewall on front of TMG will add a security layer to your network.
Please reed the following :
http://searchsecurity.techtarget.com/answer/Front-end-back-end-firewalls-vs-chassis-based-firewalls
http://technet.microsoft.com/en-us/library/bb123753(v=exchg.65).aspx
Please reed the following :
http://searchsecurity.techtarget.com/answer/Front-end-back-end-firewalls-vs-chassis-based-firewalls
http://technet.microsoft.com/en-us/library/bb123753(v=exchg.65).aspx
Its like asking if you need more than one Lock on your front door. One lock has it shut and deters the opportunistic burgler for sure. Put another, bigger, lock on and it keeps even more out.
A hardware firewall in addition to ISA/TMG is a very good idea yes.
A hardware firewall in addition to ISA/TMG is a very good idea yes.
Software firewalls have some vulnerabilities
so do hardware FW
adding the 2 together decreases your exposure
even a low end firewall is a good idea
the hardware can handle much of the crap traffic faster and then less load on the software firewall
ALL THE SOLUTIONS I propose make use of hardware and software security
Security is best when it is layered
so do hardware FW
adding the 2 together decreases your exposure
even a low end firewall is a good idea
the hardware can handle much of the crap traffic faster and then less load on the software firewall
ALL THE SOLUTIONS I propose make use of hardware and software security
Security is best when it is layered
Active 1 day ago
I'll come in on the other side of this. I don't disagree that an additional firewall will provide more security. However, ISA is a very good firewall and in many cases I believe it is sufficient on it's own. Only by evaluating your security requirements can you answer the question of whether you need another.
Active 3 days ago
Hi!
Thank you all for suggesting / supporting the idea of having an additional firewall, but is it necessary to have one, when you have users for internet and VPN only and no DMZ?
Thank you all for suggesting / supporting the idea of having an additional firewall, but is it necessary to have one, when you have users for internet and VPN only and no DMZ?
Well that is entirely down to you. IF you want your network to be MORE secure then YES. If your happy to think that ISA is the be all and end all of internet security then no.
Personally I would never and have never recomended any client install ISA directly onto the internet link with no hardware firewall.
You need to define what YOU call "necessary "
Personally I would never and have never recomended any client install ISA directly onto the internet link with no hardware firewall.
You need to define what YOU call "necessary "
Active 1 day ago
@Neilsr - Sorry, a bit off topic, but...
Personally I would never and have never recomended any client install ISA directly onto the internet link with no hardware firewall.Could you explain why that is? Are there some particular failings of ISA that ward you off, or is it just because it resides on top of Windows?
Its because no lock is pick proof so two locks are a far better, more secure, system.
Nothing to do with windows or ISA specifically no.
Nothing to do with windows or ISA specifically no.
Featured Post
We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs
What does this mean and how can one go about correcting it?
In simple terms, this error message indicates t…
In Africa (and potentially where you live…), reliability of ISPs is questionable. With the increased reliance on e-mail as one of the primary forms of communication, the costs to business are significant based on interuption of ISP Connectivity. T…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you!
In this Micro Tutorial, you'll learn yo…
- Microsoft Applications
- Windows 10
- Windows OS
- Fonts Typography
- Windows 7, Microsoft Word
Suggested Courses
Course of the Month7 days, 20 hours left to enroll
729 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.