Since the ISA firewall was designed to protect OWA, what would be the
rationale for not using an ISA firewall?=20

Tom and Deb Shinder's Configuring ISA Server 2004
MVP -- ISA Firewalls

-----Original Message-----
[] On Behalf Of Chris
Sent: Monday, May 09, 2005 8:44 PM
To:; Paul Melson
Subject: Re: [fw-wiz] PIX -> ISA -> OWA Configuration

Hi folks!

At 10:47 AM 5/7/2005, Victor Williams wrote:
>Personally, I didn't see any reason to state the obvious when it was

>for everyone to see.
>There is no *safe* or *best* way to deploy that architecture as far as

>concerned. The sooner everyone just accepts that, the better off

>will be.

Everyone that counts (the folks who pay for all this stuff) don't give a

mongoose's hooter what architecture is used, they just want their apps
work where they need them. On this one I agree with them
I'd like to be able to read my email displayed on the fannies of
waterfowl. I'll settle for bioptic HUD glasses that can overlay the
as opposed to actually laser-printing on loons, but it better be no less

secure than a workstation in a cube however it gets done.

>I've found personally that a correctly implemented VPN solution is 1000

>times better than trying to get OWA deployed and *safe*.

The only problem with VPNs are kiosks and other Not-My-Computer=20
situations. Webmail will be implemented (even, I shudder to say, OWA)=20
because we haven't yet made VPNs fully portable.

If you have to use OWA, I'd use one of the mail firewalls out there=20
(BorderWare or IronMail, for example) in front of it. Something like
gives you a break in the chain between your MaxiSoft servers and the
and a dev team to maintain it and pester when you feel antsy.



Chris Blask

firewall-wizards mailing list

firewall-wizards mailing list