Re: ISA vs. Firewall

Hi

I guess my previous question sort of resembles the implementation of public
proxy server (only that we would set it up for private use).

Now, as I'm checking out the list of these public proxy servers, some listed
as "anonymous", other as "high anonymity", and even "transparent", what the
differences on these ??

Thanks
Steve

"Phillip Windell" <@.> wrote in message
news:OS5BeqUOFHA.3388@xxxxxxxxxxxxxxxxxxxxxxx
> "SP" <none> wrote in message news:O66GaRqNFHA.3984@xxxxxxxxxxxxxxxxxxxxxxx
>> example). Is it safe to equate ISA with firewalls ? If not, never mind
> my
>
> ISA is a firewall. The term "firewall" is generic and refers to any
> device
> that blocks traffic based on some type of Rules, ACLs, or simply by using
> Network Address Translation.
>
> There are two main technologies. They are not the same thing but produce
> similar end results:
> 1. Proxying
> 2. Network Address Translation (NAT)
>
> All of your devices like PIX, Watchgaurd, Sonicwall are all NAT-Based
> Firewalls. They may use the term "proxy" in their documentation
> (Watchgaurd
> does) but it is not the same thing as a Proxy Server,...in my opinion they
> are "abusing" the terminology.
>
> ISA Server has both. It is primarily a proxy server but also has an
> Secure
> NAT Service (SecNAT). It is much more "in depth" than any of the
> NAT-Based
> firewalls as far as its abilities and capabilities. One of the major
> differences is the ability to authenticate against Domain User Accounts,
> which no NAT-Based Device can match because the NAT Technology just isn't
> capable of such. In fact you even lose that ability with ISA if you only
> use the SecureNAT Service.
>
>> question. If yes, where is ISA ? A high-end firewall ? Or, somewhere
>> in
>> the middle ?
>
> High end.
>
>> If ISA sits behind a firewall but is placed on DMZ, is it better off to
> get
>> rid of the firewall altogether ?
>
> Depends on what you want. If you want a Back-to-Back DMZ, fine, do it.
> But
> ISA will do just fine as the one and only firewall device on the system
> and
> can be used on the edge of the network without a DMZ.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>


.

Relevant Pages

  • Workstations not getting Automatic Windows Updates
    ... The domain controller is also the Proxy Server. ... Problem is that automatic updates are ... Download.windowsupdate.com to firewall exception list. ... I have added the same sites to ISA policy destination set. ...
    (microsoft.public.windowsupdate)
  • How to allow for programs through ISA 2000
    ... Firewall / Proxy Server - you may need to temporarily disable your ... firewall or proxy server to perform Smart Update, ... Amy idea where I can do this in ISA 2000? ...
    (microsoft.public.isa)
  • Re: Workstations not getting Automatic Windows Updates
    ... The domain controller is also the Proxy Server. ... Any station can manually go to the windows update site and download all ... Download.windowsupdate.com to firewall exception list. ... I have added the same sites to ISA policy destination set. ...
    (microsoft.public.windowsupdate)
  • Re: ISA - Configuration
    ... Did not realiase that the ISA came only with the Premium ... What about proxy server, There should be a proxy server ... >If you want to log site visits and have a full firewall, ...
    (microsoft.public.windows.server.sbs)
  • Re: CEICW fails - several errors
    ... The firewall isn't used when ISA is installed. ... On the WAN NIC of your server the DNS has to point to the LAN IP. ... I immediately checked and ISA Server ...
    (microsoft.public.windows.server.sbs)