Re: Firewall recommendations?

[Chris Travers <chris () travelamericas com>]

ISA's not a bad product.

That being said, it is not the end-all-and-be-all of security solutions 
either.  If security is important,  you can run a filtering router 
behind your ISA server (on a non-MS OS for added defence in depth) and 
this is what I would do.  You could use a Cisco solution, a Linux router 
with IPTables, or other options.  Also if your defence is all on the 
same OS that your internal servers are, you lose an opertunity for 
defence in depth.

The point is that security is a process not a product.  No product you 
purchase can give you security, and implimentation is more important 
than products.

Anyway, best of luck,
Chris

rdusek () myway com wrote:

> I am in charge of researching a firewall to replace what we currently 
> have.  At my previous job I had used Microsoft ISA in a low-security 
> environment, and was happy with its features, and its integration with 
> the Windows environment there.  However, at my current job, security is a 
> much greater concern, and I have to admit, I am somewhat uneasy running a 
> Microsoft firewall product on top of a Microsoft OS. We also had 
> investigated Checkpoint as well as Cisco Pix, and found that for our 
> needs, the Pix at least seemed to need _many_ separate components for the 
> same functionality. My question is what are your experiences with using 
> ISA from a security standpoint? Usability issues? From the Mac end? Or 
> would we be better off pursuing the Checkpoint or the Pix solution? We 
> also plan on implementing VPN over whatever we choose, so if you 
> recommend something other than these, it should support at least PPTP and 
> perhaps eventually IPSec/L2TP.  We have also considered placing ISA 
> behind a Linux (or BSD) IP Chains firewall and our perimeter network to 
> block some of the traffic from getting to ISA. Any comments here? Thanks 
> to everybody in advance!
>
>
>