Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX with or w/o ISA

Any opinions on the necessity of keeping an ISA server with a PIX on the network? ISA server was acting as proxy/firewall, but I don't think I really need it anymore.

Thanks

3 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

Re: PIX with or w/o ISA

This is up to you but two firewalls is more secure than one (also it is a good confýguration : two firewalls from different vendors). If you use isa as caching server than still use it as the firewall...

New Member

Re: PIX with or w/o ISA

ISA can be very useful if you have an active directory network to give your users rights to certain functionality.

If that is the case then I should say use both of them, ISA as firewall for the inside and PIX for the outside firewall.

Stefan

Silver

Re: PIX with or w/o ISA

ISA is very useful for HTTP filtering/caching, especially because it integrates seamlessly with your user accounts. It's also very useful to perform authentication on inbound sessions such as access to OWA which should NEVER be exposed directly to the Internet.

I would keep the ISA and put it behind the PIx in a DMZ. I don't like the idea of an ISA server in front by itself because...well... to be frank...It's Microsoft. It's a full blown OS with all kinds of services, accounts, and misconfiguration opportunities to exploit.

3 REPLIES
New Member

Re: PIX with or w/o ISA

This is up to you but two firewalls is more secure than one (also it is a good confýguration : two firewalls from different vendors). If you use isa as caching server than still use it as the firewall...

New Member

Re: PIX with or w/o ISA

ISA can be very useful if you have an active directory network to give your users rights to certain functionality.

If that is the case then I should say use both of them, ISA as firewall for the inside and PIX for the outside firewall.

Stefan

Silver

Re: PIX with or w/o ISA

ISA is very useful for HTTP filtering/caching, especially because it integrates seamlessly with your user accounts. It's also very useful to perform authentication on inbound sessions such as access to OWA which should NEVER be exposed directly to the Internet.

I would keep the ISA and put it behind the PIx in a DMZ. I don't like the idea of an ISA server in front by itself because...well... to be frank...It's Microsoft. It's a full blown OS with all kinds of services, accounts, and misconfiguration opportunities to exploit.

93
Views
0
Helpful
3
Replies