Microsoft ISA - Knowledge/Experience?
#1
After last week's debacle (thanks for help folks) have decided that
a) Split IIS & Web Proxy away from Exchange Server
b) U/grade to ISA
Therefore just about to order a W2K Server (PIII 1GHz 1GB RAM etc) to run IIS 5.0 & ISA. Before I do - any comments? Pitfalls? etc...
Reason we want ISA is software firewall features (some) & ability to apply policies of what can/can't access to users/groups/machines
Thanks
#2
I've had my first exposure to ISA recently.
Probably 10 times as complex as Proxy IMHO!
I certainly wouldn't trust my network security to ISA. Two Security Bulletins on ISA already.
I would go for a combination of good firewall (probably an appliance, i.e. SonicWall [1] or Nokia) and possibly some additional software.
Just my $0.02.
Chris.
[1] The SonicWall can do content filtering & is a damn sight easier to look after than ISA -
#3
Yes ISA is more complex than Proxy Server was but the extra flexibility is well worth it imho.
I use it to allow specific NT groups access to sets of approved internet sites and deny everything else. Works a treat. A little fiddly to set up to start with but once you are done it works just fine.
I haven't used the firewall side, just the cache, so I can't comment on that. I'd be wary of using it as my main internet firewall but many do, and if that's as far as your budget goes, you could do worse. Don't worry about the security bulletins too much, there isn't a firewall out there that hasn't had them at some time. Getting the OS secure for the firewall is the trick. However if you need a cheap firewall check out the Gnatbox maybe?
Oh and it's well worth you moving IIS and proxy away from Exchange, you'll gain so much from that because they are currently spinning their wheels fighting over memory.
Before I forget check