Cisco edge device vs Microsoft ISA

joeb · ‎06-02-2008

We have a consultant in who is trying to get us to replace our PIX (we're open to an ISR or ASA on the edge) with ISA. He claims ISA handles Exchange and Sharepoint portal features better than a Cisco devices can.

Does anyone know of some good comparisons, pros and cons or have input on the topic?

Thanks!

Jon Marshall · ‎06-02-2008

Joe

Your consultant is very probably right but this doesn't necessarily mean you should use an ISA server as your main firewall.

Because ISA server is a Microsoft product you can expect it to integrate far more into other Microsoft products such as Exchange. For example ISA server is fully integrated into AD which gives it the ability to do things other firewalls can't.

But a lot depends on

1) Are you just firewalling for Microsoft products are are you firewalling for other services as well.

2) How experienced are your people with Pix/ASA vs ISA server.

3) To be fair i have not looked at ISA server for a while but certainly i wouldn't have felt confident to use it as our main firewall. Things may have changed. Perhaps people on the firewalling forum could give you other views.

You could always use a combination of Pix for non-microsoft and ISA for microsoft with your pix being the primary firewall.

Jon

Collin Clark · ‎06-03-2008

I was "educated" by a Microsoft Engineer that the new ISA appliance works better with MS products/services like Sharepoint and OWA than a traditional firewall. No real shocker there. The ISA does integrate well with those services. Try and setup OWA in a DMZ, using RPC over HTTPS, and you'll see what I mean. However, given MS's background, I would in no way ever use ISA server as a primary defense device. The second tier, maybe, and just for the services I outlined above.