After last week's debacle (thanks for help folks ) have decided that

a) Split IIS & Web Proxy away from Exchange Server

b) U/grade to ISA

Therefore just about to order a W2K Server (PIII 1Ghz 1Gb RAM etc) to run IIS 5.0 & ISA. Before I do - any comments? Pitfalls? etc...

Reason we want ISA is software firewall features (some) & ability to apply policies of what can/can't access to users/groups/machines ( )

Thanks

 

I've had my first exposure to ISA recently.

Probably 10 times as complex as Proxy IMHO!

I certainly wouldn't trust my network security to ISA. Two Security Bullentins on ISA already.

I would go for a combination of good firewall (probably an appliance ie SonicWall [1] or Nokia) and possibly some additional software.

Just my $0.02.

Chris.

[1] The SonicWall can do content filtering & is a damn sight easier to look after than ISA -

 

Yes ISA is more complex than Proxy Server was but the extra flexibility is well worth it imho.

I use it to allow specific NT groups access to sets of approved internet sites and deny everything else. Works a treat. A little fiddly to set up to start with but once you are done it works just fine.

I haven't used the firewall side just the cache so I can't comment on that. I'd be wary of using it as my main internet firewall but many do and if that's as far as your budget goes; you could do worse. Don't worry about the security bulletins too much, there isn't a firewall out there that hasn't had them at some time. Getting the OS secure for the firewall is the trick. However if you need a cheap firewall check out the Gnatbox maybe?

Oh and it's well worth you moving iis and proxy away from Exchange, you'll gain so much from that because they are currently spinning their wheels fighting over memory.

Before I forget check