to ISA or not to ISA......
Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: to ISA or not to ISA......

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Posts
    171

    to ISA or not to ISA......

    Hi everyone,

    About a week ago, I started setting up a new company/domain and was at that time planning on running RH9, with Apache, Sendmail, and FTP. Since that time, I have looked at Sendmail and Qmail, and have had little luck getting either properly configured.

    THe owners of the comapny have decided to go back to what we know, SBS2000.

    My question is this. Is ISA robust enough to be the sole firewall on this server/domain, or should I convince them that the purchase of a hardware solution is neccessary?

    Idea and opinions are great appricated.

    MrCoffee
    ~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Somepeople are like Slinky's: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!

  2. #2
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    If you want ISA for the firewall only, buy a hardware firewall. It'll cost you less (1500 Us per Processor for ISA 2004) and it'll probably be more secure. It's really dependent on your need also. Do you need web caching abilites? VPN Abilites?

    Etc Etc
    -Simon \"SDK\"

  3. #3
    Senior Member
    Join Date
    Mar 2004
    Posts
    171
    THis server is going to be acting as a webserver, email server, and ftp, but email will be for a very limited number of people. I can't image the webserver or ftp will get more then 50-100 hits an hour max. Might want OWA at some point. We will not be using it as a proxy server.

    Actually I was looking on CDW and found a base Sonicwall to work in conjunction with the ISA for around $249 so thats most likely the way I will go. But MS says that ISA is all you really need for a single domain. Acting as firewall for both server and client.
    ~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Somepeople are like Slinky's: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!

  4. #4
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Don't run ISA and your webserver/ftp on the same machine.. It's asking for trouble...
    -Simon \"SDK\"

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Posts
    171
    Ok. But why? ISA come bundled with Exchange on SBS. In that kind of a configuration, it isnt possible to take the Web/FTP/email/ISA/IIS/SQL and put in on different servers, and why would you want to, since the whole point of SBS is to get everything you need.

    Cheers!
    ~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Somepeople are like Slinky's: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!

  6. #6
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Originally posted here by MrCoffee
    Ok. But why? ISA come bundled with Exchange on SBS. In that kind of a configuration, it isnt possible to take the Web/FTP/email/ISA/IIS/SQL and put in on different servers, and why would you want to, since the whole point of SBS is to get everything you need.

    Cheers!
    its just a basic security rule. As more components you put in a machine, more change of a "security breach" appears. Its not advisable run other stuff on the same machine as the firewall, EVEN when MS tell you to do so.
    Meu sŪtio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  7. #7
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    One of the goals of ISA is to act like a web server, ftp and email server all together but to redirect the traffic to a server inside your LAN who is secure. If you redirect the traffic to you the same machine, itís destroyed that goals. Iíll stick with by first idea; buy a Sonicwall Firewall with DMZ and VPN support. (Specially VPN support, you donít regret the $$ spend on that)
    -Simon \"SDK\"

  8. #8
    Senior Member
    Join Date
    Mar 2004
    Posts
    171
    Ok. Now that makes sense (or maybe just stated in a way that my simple mind could grasp.. It is strange that they would bundle it in such a way that it HAS TO reside on the very same server as the web/PDC/etc.
    I wasn't trying to be difficult with my question, I was just trying to understand why it wasnt recommended.

    I have a rec for either a Soho or a Watchguard and will order it today.

    Thanks!
    ~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Somepeople are like Slinky's: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!

  9. #9
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I have a couple of sites that run SBS 200x

    I beleive the ISA is bundled for security and internal access...an intranet site...and not recommended for public access. Yes they do have public services available for the clients to work remotely...
    and you need a VERY strong password policy enabled for these services to be and remain secure....and put a hardware firewall infront.

    Get a real server if you want to host a public website. or set the SBS up for the services and pay to host your website\public access somewhere else.

    The SBS is for small businesses to be able to have bundled services at a lower cost with out the Small Business having to buy 4 seperate servers, apps and CALs etc

    You cannot install any of the SBS components SQL, Exchange, ISA etc on another server unless you buy seperate licensing for that server and setit up as a member.

    The SBS is the domain controller.


    My .02 cdn

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  10. #10
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    I agree with Morgan. The bundling of ISA in SBS is intended to give a small business a certain degree of proxy, web caching, internet shating, and internal website protection... Using the sonicwall firewall in conjuction with ISA would work and give you a lot more protection than just using the ISA server as your firewall, exchange, iis, etc.. etc.. etc....

    Nobody ever said that MS marketing in the past has been majorly concerned with putting out security products that agree with what everybody will tell you is a good model.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •