ISA server 2004...is it a joke?

benutne

I'm looking into ISA server for a few reasons. Is it worth the risk? Having all my other MS applications know exactly how to interact with ISA sounds really nice. If it is teh suck, are there some worthy alternatives? I'm trying to NOT have to buy a pricey router.

edit: I also need the proxy capabilities of ISA server.
 
I have ISA 2004 and it's fantastic. Completely rock solid and a MS product done right. The downtime I've experienced has been as a direct result of a 3rd party plug-in. (GFI DownloadSecurity - which I consider essential to keep my network spyware free - it's pretty reliable now, but they're transitioning to a new and better product now). I also used ISA 2000 prior to 2004 and 2004 is a nice improvement (real time logging with MSDE and such).

That said, don't mix server roles. Make sure it's on its own domain/workgroup / doesn't trust the internal network. It can be a little complicated, but http://www.isaserver.org/ is your friend. I'd also recommend buying Dr. Tom's configuration books - they're well worth the money as a reference.
 
Hmmm...I just inherently fear any MS product that is supposed to be in charge of "security." I'll give it a try. Maybe on a small trial network. That said, it would be its own machine. I try to separate my server roles as much as possible.
 
da sponge said:
I have ISA 2004 and it's fantastic. Completely rock solid and a MS product done right. The downtime I've experienced has been as a direct result of a 3rd party plug-in. (GFI DownloadSecurity - which I consider essential to keep my network spyware free - it's pretty reliable now, but they're transitioning to a new and better product now). I also used ISA 2000 prior to 2004 and 2004 is a nice improvement (real time logging with MSDE and such).

That said, don't mix server roles. Make sure it's on its own domain/workgroup / doesn't trust the internal network. It can be a little complicated, but http://www.isaserver.org/ is your friend. I'd also recommend buying Dr. Tom's configuration books - they're well worth the money as a reference.

I'm also looking into ISA server to replace a Linux router. ATM we've got the Linux Router, which works OK, and we've got a 2003 Standard Edition server on its own external interface. It IS a member of the domain, because we use it for VPN traffic (VPN is the *ONLY* traffic allowed in on that interface, so it's still pretty secure).

I've read that ISA server can be used for both your VPN server *and* your Router/Proxy server. Is that correct? Also, the way we have things configured now, *everyone* is denied internet access *by default*, and only the InternetUsers group is allowed out. We check identities with IdentD against AD via LDAP ATM.

Think I can get all that in a single product with ISA server 2004?

Thanks!

Jason
 
DragonMasterAlex said:
I'm also looking into ISA server to replace a Linux router. ATM we've got the Linux Router, which works OK, and we've got a 2003 Standard Edition server on its own external interface. It IS a member of the domain, because we use it for VPN traffic (VPN is the *ONLY* traffic allowed in on that interface, so it's still pretty secure).

I've read that ISA server can be used for both your VPN server *and* your Router/Proxy server. Is that correct? Also, the way we have things configured now, *everyone* is denied internet access *by default*, and only the InternetUsers group is allowed out. We check identities with IdentD against AD via LDAP ATM.

Think I can get all that in a single product with ISA server 2004?

Thanks!

Jason

Yes, it's my RRAS server as well. I have one of my DCs set up as an IAS server and handle VPN authentication with RADIUS. Having it in the domain isn't the end of the world (I currently do for DownloadSecurity purposes), but if you're starting from scratch, give it a go with a one way non transitive trust. VPN setup can be tricky - definitely read some of the articles/walkthroughs on isaserver.org, they'll help a lot with that.
 
I've set it up quite a few times, I even run it at home at times from my SBS box....been fiddling with it since ISA 2000.

It's not a joke..it's very...VERY...powerful.

Isaserver.org, as noted above, is a great resource. Read up their setup guides before diving into it.

"I'm trying not to buy a pricey router?" Errr....ISA is substantially more money than a router, even a nice Sonicwall or Cisco business grade box.

Doing things like allowing services to be made public like PcAnywhere or VNC...there's a bit to understand in setting up those services in ISA...twice the work compared to the easy web admin people are used to with routers.

But..it's very stable. Security? It's beefy...occasional security updates for it, feature packs and service packs.
 
I have ISA Server 2k4 running on my home network for testing. Of course, I only have 1 server, so it runs just about everything on it. Runs great however. Nice features, usability and alerting.

Gonna be replacing sonicwalls at my company in a few months with ISA Server 2k4.
 