We have a consultant in who is trying to get us to replace our PIX (we're open to an ISR or ASA on the edge) with ISA. He claims ISA handles Exchange and SharePoint portal features better than a Cisco device can.
Does anyone know of some good comparisons, pros and cons or have input on the topic?
Your consultant is very probably right but this doesn't necessarily mean you should use an ISA server as your main firewall.
Because ISA server is a Microsoft product, you can expect it to integrate far more into other Microsoft products such as Exchange. For example, ISA server is fully integrated into AD, which gives it the ability to do things other firewalls can't.
But a lot depends on:
1) Are you just firewalling for Microsoft products, or are you firewalling for other services as well?
2) How experienced are your people with Pix/ASA vs ISA server?
3) To be fair, I have not looked at ISA server for a while, but certainly I wouldn't have felt confident to use it as our main firewall. Things may have changed. Perhaps people on the firewalling forum could give you other views.
You could always use a combination of Pix for non-Microsoft and ISA for Microsoft, with your Pix being the primary firewall.
I was "educated" by a Microsoft Engineer that the new ISA appliance works better with MS products/services like SharePoint and OWA than a traditional firewall. No real shocker there. The ISA does integrate well with those services. Try to set up OWA in a DMZ, using RPC over HTTPS, and you'll see what I mean. However, given MS's background, I would in no way ever use ISA server as a primary defense device. The second tier, maybe, and just for the services I outlined above.