cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
354
Views
0
Helpful
3
Replies

PIX with or w/o ISA

footsandersen
Level 1
Level 1

Any opinions on the necessity of keeping an ISA server with a PIX on the network? ISA server was acting as proxy/firewall, but I don't think I really need it anymore.

Thanks

3 Accepted Solutions

Accepted Solutions

tcavdar
Level 1
Level 1

This is up to you but two firewalls is more secure than one (also it is a good confýguration : two firewalls from different vendors). If you use isa as caching server than still use it as the firewall...

View solution in original post

sgjmgreve
Level 1
Level 1

ISA can be very useful if you have an active directory network to give your users rights to certain functionality.

If that is the case then I should say use both of them, ISA as firewall for the inside and PIX for the outside firewall.

Stefan

View solution in original post

shannong
Level 4
Level 4

ISA is very useful for HTTP filtering/caching, especially because it integrates seamlessly with your user accounts. It's also very useful to perform authentication on inbound sessions such as access to OWA which should NEVER be exposed directly to the Internet.

I would keep the ISA and put it behind the PIx in a DMZ. I don't like the idea of an ISA server in front by itself because...well... to be frank...It's Microsoft. It's a full blown OS with all kinds of services, accounts, and misconfiguration opportunities to exploit.

View solution in original post

3 Replies 3

tcavdar
Level 1
Level 1

This is up to you but two firewalls is more secure than one (also it is a good confýguration : two firewalls from different vendors). If you use isa as caching server than still use it as the firewall...

sgjmgreve
Level 1
Level 1

ISA can be very useful if you have an active directory network to give your users rights to certain functionality.

If that is the case then I should say use both of them, ISA as firewall for the inside and PIX for the outside firewall.

Stefan

shannong
Level 4
Level 4

ISA is very useful for HTTP filtering/caching, especially because it integrates seamlessly with your user accounts. It's also very useful to perform authentication on inbound sessions such as access to OWA which should NEVER be exposed directly to the Internet.

I would keep the ISA and put it behind the PIx in a DMZ. I don't like the idea of an ISA server in front by itself because...well... to be frank...It's Microsoft. It's a full blown OS with all kinds of services, accounts, and misconfiguration opportunities to exploit.

Review Cisco Networking for a $25 gift card