Re: ISA Server or Firewall Appliance?
From: Abe Getchell (mailing.list.spooler_at_gmail.com)
Date: 11/16/05
- Previous message: Jim Harrison (ISA): "RE: ISA Server or Firewall Appliance?"
- In reply to: Nick Wells: "RE: ISA Server or Firewall Appliance?"
- Next in thread: Nick Wells: "RE: ISA Server or Firewall Appliance?"
- Reply: Nick Wells: "RE: ISA Server or Firewall Appliance?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Nov 2005 17:56:38 -0500 To: Nick Wells <nick@clandestineresearch.com>
> I've been using ISA 2004 on a box that's been facing the internet since it's
> was released as a public beta. I've run other firewall "appliances" as well
> as both m0n0wall and pfSense (pfSense is a variant of m0n0wall optimized for
> use on standard PC hardware) and I've really found it to have the best
> featureset. I also read an article on Network Computing or Windows Magazine
> that put ISA2004 as one of the fastest firewalls, almost achieving "full"
> 1000Base-TX speeds.
Do you have a link to an online version of this article? I'd like to see
their testing criteria. It's not that I don't believe you... well, yeah,
it is that I don't believe you. You're just some guy on the Internet,
after all.
> I think ISA's real redemption comes from the hardware that it runs on,
> standard (sometimes cheap) PC components. If you get a power surge on an
> Ethernet card (because only in the engineer's dreamworld does the Ethernet
> cable get it's on surge arrestor) and blow the card, there's a $20
> replacement at the local computer store. On the other hand, you have the
> sleek, integrated units that you have to throw away or RMA if something gets
> zapped, and you won't be able to troubleshoot it to the same degree you'd be
> able to troubleshoot an ISA server.
Personally, I see this as a negative. That cheap $20 Ethernet card you
mention being easy to replace is also more likely to go down do to a
failure than something built with enterprise class components... not
just with whatever parts came off the boat from <insert Southeast Asian
country here> last week. The fact that ISA can run on commodity hardware
means that it is more prone to a hardware failure, and that isn't
acceptable in a high-availability environment... and who's business
isn't these days?
Abe
-- Abe Getchell abegetchell@gmail.com http://abegetchell.com/ --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Jim Harrison (ISA): "RE: ISA Server or Firewall Appliance?"
- In reply to: Nick Wells: "RE: ISA Server or Firewall Appliance?"
- Next in thread: Nick Wells: "RE: ISA Server or Firewall Appliance?"
- Reply: Nick Wells: "RE: ISA Server or Firewall Appliance?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
