Re: ISA Server versus Checkpoint Firewall

From: Jim Harrison [MSFT] (jmharr_at_online.microsoft.com)
Date: 07/25/04


Date: Sun, 25 Jul 2004 15:56:05 -0700

Hi Phillip,

I'm very happy to report that Checkpoint loses to ISA in every "inspection" category.
Also, there is more to "stateful" than you describe; it goes all the way to L7, something Checkpoint doesn't yet do.
Checkpoint is only recently starting to realize the value of application-layer filtering; something ISA has had for years.

-- 
 Jim Harrison [ISASE]
 Read the help, books and articles!
 This posting is provided "AS IS" with no warranties, and confers no rights.
"Phillip Renouf" <PhillipRenouf@discussions.microsoft.com> wrote in message 
news:97CEBA39-1588-4A15-82AD-4BC33790D120@microsoft.com...
I can't point you to any discussions but I can give you my own opinion.
It all depends on your specific needs and the size of your organization. ISA Server can be fairly easy to just plug in, set up a few rules and hit the ground running. Unfortunately that can often be a bad thing as it is very easy to misconfigure a firewall and the false sense of security that a poorly configured firewall gives you can have damaging results. Personally I don't like the ISA Server interface, I don't think the rules setup is logical and don't like the way the administration interface looks.
By contrast Checkpoint is a more complicated product, but it is also laid out very logically and the nature of the way Checkpoint rules are set up it is much easier to create rules. The management interface is much nicer and the architecture of Checkpoint is much more scalable than ISA Server.
Checkpoint is also a truly "Stateful packet inspection" firewall. It looks at each packet, compares it with the rules that have been created and if the packet matches one of the rules it allows it through. If it doesn't it gets denied. ISA Server is a "Stateful" firewall (although I'm sure many here will argue with me), but does not do the same inspection that a true SI firewall does.
If you are a small shop I'd actually recommend using Raptor (now Symantec Enterprise Firewall), it is a very straightforward firewall, intuitive and very secure out of the box. It's a great small-medium business firewall, but like ISA Server doesn't scale out to the enterprise level yet.
Phil
"Owen Parry" wrote:
> We're looking at firewall options and like the idea of using ISA Server as
> our firewall rather than Checkpoint.  Can anyone point me to some advice on
> this, such as a discussion of the pros and cons of one versus the other ?
>
>
> 

