I've been using ISA 2004 on a box that's been facing the internet since it's was released as a public beta. I've run other firewall "appliances" as well as both m0n0wall and pfSense (pfSense is a variant of m0n0wall optimized for use on standard PC hardware) and I've really found it to have the best featureset. I also read an article on Network Computing or Windows Magazine that put ISA2004 as one of the fastest firewalls, almost achieving "full" 1000Base-TX speeds.
Do you have a link to an online version of this article? I'd like to see their testing criteria. It's not that I don't believe you... well, yeah, it is that I don't believe you. You're just some guy on the Internet, after all.
I think ISA's real redemption comes from the hardware that it runs on, standard (sometimes cheap) PC components. If you get a power surge on an Ethernet card (because only in the engineer's dreamworld does the Ethernet cable get it's on surge arrestor) and blow the card, there's a $20 replacement at the local computer store. On the other hand, you have the sleek, integrated units that you have to throw away or RMA if something gets zapped, and you won't be able to troubleshoot it to the same degree you'd be able to troubleshoot an ISA server.
Personally, I see this as a negative. That cheap $20 Ethernet card you mention being easy to replace is also more likely to go down do to a failure than something built with enterprise class components... not just with whatever parts came off the boat from <insert Southeast Asian country here> last week. The fact that ISA can run on commodity hardware means that it is more prone to a hardware failure, and that isn't acceptable in a high-availability environment... and who's business isn't these days?
Abe -- Abe Getchell [EMAIL PROTECTED] http://abegetchell.com/ --------------------------------------------------------------------------- ---------------------------------------------------------------------------
