October 1st, 2002, 11:38 PM
Does anyone out there use ISA Server for providing internet access for their company? If so, have you had any problems / issues with using it? We were thinking of doing a trial of ISA server and I just wanted to see if anyone had any experience with it.
If you dont use ISA server, what do you use for sharing internet access throughout your company? I have tried several proxy servers (windows based), but have not really liked any of them due to limitations of what I could allow the proxy to do.
Any help would be great.
October 2nd, 2002, 12:16 AM
I haven't used ISA but a friend of mine did. The words "****ing slow pig" came out of his mouth and at the time I believe the setup was PIII1.2/512MB Ram/80GB HD.
I have used Novell BorderManager 3.5 and found it to be fine for the company I had worked at. We'd fill the cache regularly but it was good for locking down what we didn't want employees to get at while still allowing for good internet access.
October 2nd, 2002, 12:43 AM
I use ISA, and it has been working fine. We are in search of additional reporting tools, however, as our existing ones are not enough - that includes the built-in reports for ISA itself. Oh, and Ms Mittens, I think that 512 MB may be the minimum, so it would probably depend on the amount of users that are being piped through the proxy. Maybe your friend should bump it up to about a gig. Just a suggestion. But honestly, our internet connection seems just fine.
Opinions are like
holes - everybody\'s got\'em.
October 2nd, 2002, 05:03 PM
MsMittens: Unfortuately, we have MS Win2k Servers and cannot run Novell BorderManager 3.5. I have heard some good things about that product.
October 2nd, 2002, 06:16 PM
BorderManager? ACK! We have a Checkpoint FW/proxy because of BorderManager...and then there is ManageWise...
October 2nd, 2002, 06:57 PM
The minimum is 256MB but it's dog slow at that. I am running ISA with 1.5GB ram on a dual 1Ghz Dell box with no problems. Environment is ~200 users with net access restricted to about 105 or so.
Originally posted here by t2k2
....and Ms Mittens, I think that 512 MB may be the minimum, so it would probably depend on the amount of users that are being piped through the proxy. Maybe your friend should bump it up to about a gig. Just a suggestion. But honestly, our internet connection seems just fine.
Oh and you might want to reserve a certain percentage of your pipe for your MIS dept -- so you can always get out when you need to even if Joe Blow is watching the Fox news (provided you let it in)
October 2nd, 2002, 07:38 PM
October 3rd, 2002, 12:47 AM
Thanks for the correction bigbird. The minimum for our installation is 512MB because we have the SurfControl add-in for more reporting capabilities. Now I realize why I said that may be the minimum, but I am sure you are right about the 256MB for just the ISA Server itself. I can't remember the rest of the specs on the box, but it's definitely handling the traffic. We may have about 400 users with access through it.
Sgt_B: I definitely agree with you on the suck reporting of ISA...BLAH!
Opinions are like
holes - everybody\'s got\'em.
October 3rd, 2002, 04:35 AM
I implemented ISA Server about 2 months ago at one of my clients (stupid Small Business Server). I think it works well, but I wouldn't recommend doubling applications up on the server, as Small Business Server does, as ISA eats up resources like crazy. The configuration isn't especially intuitive, but it is fairly easy to adapt to after a while. My biggest gripe is that in order to take advantage of the monitoring, without going to the server to look at the logs, you need to buy third party software, or you have to open the ISA monitoring log files in access and write a program to query that database, either way, it is something that should be provided for, and isn't.
Oh, and don't expect it do to trustworthy intrustion detection, I get my false alarms than I'd like, but I've heard the ISS add in is decent.
\"It\'s only arrogrance if you can\'t back it up, otherwise it is confidence.\" - Me
October 3rd, 2002, 07:20 AM
ISA server is a mighty pricy item just to share an internet connection. What do you want out of a proxy, what type of connection to the internet do you have? Do you need to stay connected 24/7
I just got rid of ISA in favor of checkpoint. its like everone says. its a monster. it dosn't do content filtering but it does do a fair job with mime types. if your forced to use third party software to get some decent ids reporting, that to me makes it pretty useless. it reports every connection attempt, even for push type add servers as 'an intrusion attempt' but dosn't tell you the protocal, port number or any info you could use to analyse it. the same thing with dropped packets. i don't know why thet even bothered. it does make a nice caching proxy and the firewall client or user groups are fairly easy to configure.
2k server will allow you to share connections with everyone all by it self. add some firewall and IDS software and your jammen. sygate will allow you to blacklist users and monitor surfing, tiny fw pro does a pretty fare job for the price, under 200 dollars.
Make a list of what you want your proxy/gateway/firewall to do, and lets have a look at it.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”