Skip to main content

Firewall and ISA Server function.

More
17 years 11 months ago #18497 by taq
I have a situation and need your comment.

Existing network setup consists of firewall and ISA server. The control is to allow or disallow users to access the internet through ISA server.

Planning is to remove the ISA server. Can a firewall allow and disallow internal users from accessing the internet as currently what ISA server is doing?

The reason is simple, we don't want to maintain OS and server. If firewall can do proxying, than we may want to do that.

Thanks.
More
17 years 11 months ago #18502 by TheBishop
Some can. As a minimum you'll need one that provides an http proxy with some sort of user authentication scheme in addition to being just a firewall. Of the top of my head you can do this with both Cyberguard and Checkpoint. The above, of course, will only give you control over your browsing. If you want to control everything destined for the internet that's going to be trickier. To do that with a firewall alone you'd probably need clients with fixed IP addresses but the administrative overhead and complexity would be silly. Hence things like ISA server!
More
17 years 11 months ago #18513 by DaLight
To add what the Bishop said, ISA server is much more than a firewall. It performs has the functionality of a firewall, web caching and proxy server, bandwidth manager. It can also act as an application proxy for non-http protocols like SMTP. In addition, even though VPN functionality is built into Windows 2000/2003 server, ISA has a number of enhancements which make it easier to deploy VPNs.

I suppose your final decision will be influenced by how much functionality the replacement firewall possesses, and how much of the ISA server "extras" you really need.
More
17 years 11 months ago #18514 by Smurf

To add what the Bishop said, ISA server is much more than a firewall. It performs has the functionality of a firewall, web caching and proxy server, bandwidth manager. It can also act as an application proxy for non-http protocols like SMTP. In addition, even though VPN functionality is built into Windows 2000/2003 server, ISA has a number of enhancements which make it easier to deploy VPNs.


Its worth also noting that the Bandwidth Management was dropped from ISA in ISA 2004 upwards because it didn't work properly in ISA 2000

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
More
17 years 11 months ago #18515 by DaLight

Its worth also noting that the Bandwidth Management was dropped from ISA in ISA 2004 upwards because it didn't work properly in ISA 2000

Actually, it's back to a limited extent in ISA 2006.
More
17 years 11 months ago #18517 by Smurf

Actually, it's back to a limited extent in ISA 2006.


Kewl, do you have a link for me to take a look ? I can only find this link on new features which doesn't mention it ?

www.microsoft.com/isaserver/prodinfo/whatsnew.mspx

Cheers fella

Wayne

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Time to create page: 0.133 seconds