I agree ISA works very well as a proxy, not that good as a FW -----Original Message----- From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of bmcdowell@xxxxxxxxxxxxxxxxxx Sent: den 25 februari 2004 22:29 To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: RE: advantage and disadvantage between iptables and ISAServer? I don't see them as all that comparable, and in fact I use both. ISA makes a great proxy and uses AD permissions (groups, etc) for access control. I see it as Proxy 2.0 Enhanced, rather than a 'firewall'. Bob -----Original Message----- From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Maciej Soltysiak Sent: Wednesday, February 25, 2004 10:18 AM To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: Re: advantage and disadvantage between iptables and ISAServer? > I am not to familure with ISA because the M$ admins here tell me it is > not worth > the enough to test it out. I would assume it is like any other M$ > product though > ... you need double or triple the hardware to run it as compared to iptables. Agree, oh, this is true. Currently w2k3 runs very bad on: p4 1,5ghz, 384MB with a few of the services setup: AD, WMS, IIS (HTTP+FTP), SUS, SMS. > You are stuck with the options the M$ provides instead of the endless > possibilities the a Unix or Linux could offer. Well, sort of. iptables is very powerfull, but I think that upcomming isa 2004 is going to be modular and pluggable too, plus it will certainly address popular security issues like: p2p (yes, it is a security issue), worms, network attacks that have signatures: slammer, floods, land, dos, etc... Like checkpoint's SmartDefense. I have not been using isa, but only read and seen a presentation of isa 2004, It is possible that is going to be a powerfull tool. No information about stability, propably it'd depend on which version of windows you are running and how stable it is. Performance? No idea. Regards, Maciej
