> I've been using ISA 2004 on a box that's been facing the internet since it's
> was released as a public beta. I've run other firewall "appliances" as well
> as both m0n0wall and pfSense (pfSense is a variant of m0n0wall optimized for
> use on standard PC hardware) and I've really found it to have the best
> featureset. I also read an article on Network Computing or Windows Magazine
> that put ISA2004 as one of the fastest firewalls, almost achieving "full"
> 1000Base-TX speeds.

Do you have a link to an online version of this article? I'd like to see
their testing criteria. It's not that I don't believe you... well, yeah,
it is that I don't believe you. You're just some guy on the Internet,
after all.

> I think ISA's real redemption comes from the hardware that it runs on,
> standard (sometimes cheap) PC components. If you get a power surge on an
> Ethernet card (because only in the engineer's dreamworld does the Ethernet
> cable get it's on surge arrestor) and blow the card, there's a $20
> replacement at the local computer store. On the other hand, you have the
> sleek, integrated units that you have to throw away or RMA if something gets
> zapped, and you won't be able to troubleshoot it to the same degree you'd be
> able to troubleshoot an ISA server.

Personally, I see this as a negative. That cheap $20 Ethernet card you
mention being easy to replace is also more likely to go down do to a
failure than something built with enterprise class components... not
just with whatever parts came off the boat from <insert Southeast Asian
country here> last week. The fact that ISA can run on commodity hardware
means that it is more prone to a hardware failure, and that isn't
acceptable in a high-availability environment... and who's business
isn't these days?

Abe

--
Abe Getchell
abegetchell (at) gmail (dot) com [email concealed]
http://abegetchell.com/

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---

[ reply ]