"Schouten, Diederik (Diederik)" wrote:
>
> Paul, Mike? ;)
I'll bite :)
> Can someone plase tell me why poeple like the Microsoft ISA Server?
Beats me.
- Logging to the local event log?
(Hint 1: we log ~1GB per day at our main choke point)
(Hint 2: spew a couple of thousand bogus ARPs on firewall,
and you get cute dialog boxes on the console, and the
event log gets crammed full / old events rotated out)
- Logging plain >>>SUCKS<<<, even if you'd take away the
event log BS!
- The admin GUI left me completely cross-eyed and still not sure
what the hell I'd just set up after a session of trying to
understand it. And I _have_ worked with a fair number of
firewalls. How is the everyday admin going to handle it?
- STATELESS packet filtering to the DMZ? Uhh..
- I think the web cache is still implemented on top of IIS?
- Microsoft Recommendation: Don't put the web server in the DMZ;
that will only cause problems. Put it on the internal network
instead, where it is protected from the DMZ. (YES!!!!)
- ...
I do think the ISA server has a role in a microsoft-centric
network: sitting on the internal network, or in a service
network, doing internal user authentication of outbound
connections, and acting as a web cache. Protected from the
outside by the main firewall.
Uh. I shouldn't be doing this now. I should get back to work.
Yes.. work. hmm. now, where was I....
--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
