ISA and SonicWall (was Cannot connect through ISA Server to www.microsoft.com)

Tech-Archive recommends: Fix windows errors by optimizing your registry

On Mon, 18 Feb 2008 07:39:35 -0500, "Paul Shapiro"
<paul@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

Changed the subject line. Hoping for a broader discussion on the topic
and wishing to learn more about SonicWall products.

I was thinking of
removing ISA from the SBS server. I have a Sonicwall hardware firewall as
the Internet router, so I don't lose much protection. My thinking is that
since the next SBS will be single NIC anyway, maybe it's not a bad idea to
get ready for that now. What do you think?

Personally I think it is a bad idea not to offer ISA Server with SBS
2008. (Is this decision final?) Windows Essential Business Server will
contain a future version of ISA.
http://blogs.msdn.com/mssmallbiz/archive/2007/11/07/5955270.aspx

Starting at another end: In a former life I worked with MS products at
HP Norway, close together with Cisco guys. We did a lot of clustering
with Exchange. Then the argument often came up: Cisco PIX Secure
Firewall, these are "real" firewall, lightning fast with ASICs, no
insecure underlying OS. While ISA 2000/2004 on the other hand more was
considered as a proxy server with limited firewall features. And as to
caching, squid on HP-UX, later Linux was better anyhow.

However, where the PIX really failed by a feature by feature
comparison was its ability to protect at the application layer. This
is some years ago, and I guess much has changed with PIXes since those
days.

But I wonder if these arguments to some extent still hold true, also
applied to SonicWall devices. I still think (but might be wrong), ISA
is among the best firewall products for protecting Exchange Server:

* Secure Exchange RPC
* OWA
* OMA
* ActiveSync with secure publishing rules
* URL protection
* HTTP filtering and forms-based authentication

Question 1: How does the Small Business SonicWalls stack up against
this?

Question 2: In larger installations you often put some ASIC-based
device at the outer edge and application filters in front of web and
Exchange servers. What about a SonicWall at the edge and ISA on SBS?

P.S. I find it a bit confusing when looking at SonicWall devices. Is
everything in the box? Do I need a different OS? What additional
features are needed?

jas
.

Relevant Pages

  • Re: RWW Timing
    ... If you have installed ISA, ... Expand the server node and highlight ''Monitoring''. ... In the following website you can find many useful resources related to SBS ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Switching IP address ranges
    ... ISA Server performs deep inspection of Internet ... inspection of all VPN traffic. ... Forth just because SBS is cheap it does not mean is bad. ... I used to believe on solid state firewalls (which SonicWall is not) but they ...
    (microsoft.public.windows.server.sbs)
  • Re: DHCP Issues. Very strange
    ... default order of rule in ISA 2004. ... Windows SharePoint Services intranet site, ... server certificate on Web server name column and then click Next. ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS VPN setup?
    ... The 2-nic configuration is used when the SBS server will *also* act as your network's firewall. ... You purchase 2k3 PREMIUM and that comes with ISA to handle the firewall duties. ... To compare apples to apples, let us assume there is a network setup as I outlined above...and the firewall appliance is an ISA server, such as those available from Celestix. ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA access rules, help
    ... please let me know whether you're using ISA 2000 or ISA 2004 ... (SBS SP0 or SBS SP1). ... the ISA server will not be used as a proxy server. ... Since SBS already used port 80, ...
    (microsoft.public.windows.server.sbs)