> I am not to familure with ISA because the M$ admins here tell me it is not worth > the enough to test it out. I would assume it is like any other M$ product though > ... you need double or triple the hardware to run it as compared to iptables. Agree, oh, this is true. Currently w2k3 runs very bad on: p4 1,5ghz, 384MB with a few of the services setup: AD, WMS, IIS (HTTP+FTP), SUS, SMS. > You are stuck with the options the M$ provides instead of the endless > possibilities the a Unix or Linux could offer. Well, sort of. iptables is very powerfull, but I think that upcomming isa 2004 is going to be modular and pluggable too, plus it will certainly address popular security issues like: p2p (yes, it is a security issue), worms, network attacks that have signatures: slammer, floods, land, dos, etc... Like checkpoint's SmartDefense. I have not been using isa, but only read and seen a presentation of isa 2004, It is possible that is going to be a powerfull tool. No information about stability, propably it'd depend on which version of windows you are running and how stable it is. Performance? No idea. Regards, Maciej
