Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco edge device vs Microsoft ISA

We have a consultant in who is trying to get us to replace our PIX (we're open to an ISR or ASA on the edge) with ISA. He claims ISA handles Exchange and Sharepoint portal features better than a Cisco devices can.

Does anyone know of some good comparisons, pros and cons or have input on the topic?


  • WAN Routing and Switching
Hall of Fame Super Blue

Re: Cisco edge device vs Microsoft ISA


Your consultant is very probably right but this doesn't necessarily mean you should use an ISA server as your main firewall.

Because ISA server is a Microsoft product you can expect it to integrate far more into other Microsoft products such as Exchange. For example ISA server is fully integrated into AD which gives it the ability to do things other firewalls can't.

But a lot depends on

1) Are you just firewalling for Microsoft products are are you firewalling for other services as well.

2) How experienced are your people with Pix/ASA vs ISA server.

3) To be fair i have not looked at ISA server for a while but certainly i wouldn't have felt confident to use it as our main firewall. Things may have changed. Perhaps people on the firewalling forum could give you other views.

You could always use a combination of Pix for non-microsoft and ISA for microsoft with your pix being the primary firewall.


Re: Cisco edge device vs Microsoft ISA

I was "educated" by a Microsoft Engineer that the new ISA appliance works better with MS products/services like Sharepoint and OWA than a traditional firewall. No real shocker there. The ISA does integrate well with those services. Try and setup OWA in a DMZ, using RPC over HTTPS, and you'll see what I mean. However, given MS's background, I would in no way ever use ISA server as a primary defense device. The second tier, maybe, and just for the services I outlined above.