I will deploy a Small Business Server 2008 Premium so I will have an Exchange Server. However the Exchange Server is installed in the same server with the Windows Server that manages my network so I really don't know if this server should be connected to the DMZ port.
I will need remote access to the office network using either VPN client software or web browser with SSL. If users can download the VPN client from the appliance it's better but risky, or not?
Small Business Server 2008 comes with a Remote Web Workspace so users should connect to the server and of course to Outlook Web Access.
Right now I don't need site-to-site tunnel but maybe in the near future.
I will deploy the Symantec Protection Suite Small Business Edition that includes features to protect email, exchange server, viruses, worms, spyware and malware.
I hope this information is useful so you can help me choose the right security appliance.
Sorry for the delay in responding and thank you for the additional information. You are correct about keeping the server behind the firewall. We have implemented a SBS 2003 server, kept it behind the firewall and port forwarded the port numbers (i.e. 465, 993 and 443) to the Exchange server. Generally, we would put a web and/or mail server on the DMZ. Sometimes, if the server is used for e-commerce and needs access to resources inside the network, then we will also allow access to specific servers on the inside.
The SA 500 series platform is a good overall security appliance for SMB companies that have a fairly simple network infrastructure. We have deployed the product into sites where the customer mainly needs firewall, IPS (Cisco just announced the feature), integrated TrendMicro Protectlink security service (for spam, malware, web browsing filtering) and SSL VPN for remote users.
We like the ASA 5500 series for clients that require granular security into and out of their network. The ASA is a very flexible platform and can provide various security levels depending on the customers requirements. One feature that is we deploy is the AnyConnect client. This software is loaded onto the ASA. Remote users will simply point their browser to the ASA via Web SSL, login, ASA checks the OS and downloads the appropriate OS version for the AnyConnect. We have deployed this for clients that have a mixture of WinXP, Vista, Win7 and MacOS remote users. All works very well.
Both platforms are good, but it depends on the requirements and what you would like to do. If you like, let's chat. I will send you my phone number via PM.
Article ID:3091 Reboot and Factory Default Reset on ISA500 Series
Integrated Security Appliances Objective Reboot or restart of the
network device is made when certain changes in the settings need reboot
or if the device is frozen. The configuration setti...
Article ID:3403 WAN Quality of Service (QoS) Policy Profiles Settings on
ISA500 Series Integrated Security Appliances Objective Wide Area Network
(WAN) Quality of Service (QoS) policy profiles manage traffic through
classed-based profiles. These profiles ...
Article ID:2922 Cisco QuickVPN Installation Tips for Windows Operating
Systems For a video showing installation tips on Quick VPN, visit
http://youtu.be/hHu2z6A78N8 Objective Cisco QuickVPN is a free software
designed for remote access to a network. It is...