We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
COURSE of the MONTH
13 days, 17 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Do I need an additional Firewall in front of ISA / TMG
Posted on 2013-01-01
Dear All,
We have ISA installed on our network to provide access to internet. We have no published servers, we though have remote users to VPN to our network through ISA. So, I would like to know if I need an additional Firewall to protect my network or the current setup is sufficient?
We have ISA installed on our network to provide access to internet. We have no published servers, we though have remote users to VPN to our network through ISA. So, I would like to know if I need an additional Firewall to protect my network or the current setup is sufficient?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4-
3
2- +2
11 Comments
Active 4 days ago
For sure, adding another firewall on front of TMG will add a security layer to your network.
Please reed the following :
http://searchsecurity.techtarget.com/answer/Front-end-back-end-firewalls-vs-chassis-based-firewalls
http://technet.microsoft.com/en-us/library/bb123753(v=exchg.65).aspx
Please reed the following :
http://searchsecurity.techtarget.com/answer/Front-end-back-end-firewalls-vs-chassis-based-firewalls
http://technet.microsoft.com/en-us/library/bb123753(v=exchg.65).aspx
Active 4 days ago
Its like asking if you need more than one Lock on your front door. One lock has it shut and deters the opportunistic burgler for sure. Put another, bigger, lock on and it keeps even more out.
A hardware firewall in addition to ISA/TMG is a very good idea yes.
A hardware firewall in addition to ISA/TMG is a very good idea yes.
Software firewalls have some vulnerabilities
so do hardware FW
adding the 2 together decreases your exposure
even a low end firewall is a good idea
the hardware can handle much of the crap traffic faster and then less load on the software firewall
ALL THE SOLUTIONS I propose make use of hardware and software security
Security is best when it is layered
so do hardware FW
adding the 2 together decreases your exposure
even a low end firewall is a good idea
the hardware can handle much of the crap traffic faster and then less load on the software firewall
ALL THE SOLUTIONS I propose make use of hardware and software security
Security is best when it is layered
Active today
I'll come in on the other side of this. I don't disagree that an additional firewall will provide more security. However, ISA is a very good firewall and in many cases I believe it is sufficient on it's own. Only by evaluating your security requirements can you answer the question of whether you need another.
Hi!
Thank you all for suggesting / supporting the idea of having an additional firewall, but is it necessary to have one, when you have users for internet and VPN only and no DMZ?
Thank you all for suggesting / supporting the idea of having an additional firewall, but is it necessary to have one, when you have users for internet and VPN only and no DMZ?
Active 4 days ago
Well that is entirely down to you. IF you want your network to be MORE secure then YES. If your happy to think that ISA is the be all and end all of internet security then no.
Personally I would never and have never recomended any client install ISA directly onto the internet link with no hardware firewall.
You need to define what YOU call "necessary "
Personally I would never and have never recomended any client install ISA directly onto the internet link with no hardware firewall.
You need to define what YOU call "necessary "
Active today
@Neilsr - Sorry, a bit off topic, but...
Personally I would never and have never recomended any client install ISA directly onto the internet link with no hardware firewall.Could you explain why that is? Are there some particular failings of ISA that ward you off, or is it just because it resides on top of Windows?
Active 4 days ago
Its because no lock is pick proof so two locks are a far better, more secure, system.
Nothing to do with windows or ISA specifically no.
Nothing to do with windows or ISA specifically no.
Featured Post
Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (tā¦
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the ā¦
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as formā¦
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment.
To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastrā¦
Suggested Courses
Course of the Month13 days, 17 hours left to enroll
800 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.