On Tue, 16 Apr 2002, Schouten, Diederik (Diederik) wrote: > Paul, Mike? ;) >
Yes? > Can someone plase tell me why poeple like the Microsoft ISA Server? I don't think they generally do, I'm not aware of it gaing any significant market share, and I've rarely seen anyone using one. > Without a proper firewall protecting the ISA Server its just going to be the > single point of failure. The current incantation (ISA Server 2000) has passed ICSA Labs certification[1] as an actual firewall, and it does work. The last two attempts in the product line certainly EARNED such scorn- the current implementation should probably be evaluated for function seperately- it's the third product in the line AFAIR. Personally, I'm a big fan of hetrogenious solutions, so I'd be more inclined to go with a different OS for my protection layer than my protected resource layer. That's an individual evaulation point which should be at least considered (even if it's considered and discarded) when picking a solution (I wouldn't use a Linux box to firewall a network of Linux servers in a company environment for instance- though I've been known to do it at home.) All products have issues, problems and bugs. All vendors mess up. If it was an easy answer, the question wouldn't come up because everyone would "know" it. Paul [1] TruSecure owns ICSA Labs, and employs me, I think the 3.0a criteria are a good "Is it really a firewall?" bar. I do NOT work at or speak for the Labs, and this message is a personal opinion only, not representative of my employer's position. I'm pretty sure every firewall vendor listed in the initial e-mail (as well as Lucent) is a Labs customer, so be sure to include that weighting in any evaulation of my opinion (anyone who followed the bridging thread will see how much it doesn't affect what I say from my home account ;)) I'd add more stuff, but if someone's gonna get upset it won't change anything they do. ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions [EMAIL PROTECTED] which may have no basis whatsoever in fact." _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
