Since the ISA firewall was designed to protect OWA, what would be the
rationale for not using an ISA firewall?=20


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Chris
Blask
Sent: Monday, May 09, 2005 8:44 PM
To: vbwilliams@neb.rr.com; Paul Melson
Cc: woodsd001@hawaii.rr.com; firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] PIX -> ISA -> OWA Configuration

Hi folks!

At 10:47 AM 5/7/2005, Victor Williams wrote:
>Personally, I didn't see any reason to state the obvious when it was

there=20
>for everyone to see.
>
>There is no *safe* or *best* way to deploy that architecture as far as

I'm=20
>concerned. The sooner everyone just accepts that, the better off

everyone=20
>will be.


Everyone that counts (the folks who pay for all this stuff) don't give a

mongoose's hooter what architecture is used, they just want their apps
to=20
work where they need them. On this one I agree with them
whole-heartedly:=20
I'd like to be able to read my email displayed on the fannies of
migratory=20
waterfowl. I'll settle for bioptic HUD glasses that can overlay the
text=20
as opposed to actually laser-printing on loons, but it better be no less

secure than a workstation in a cube however it gets done.

>I've found personally that a correctly implemented VPN solution is 1000


>times better than trying to get OWA deployed and *safe*.


The only problem with VPNs are kiosks and other Not-My-Computer=20
situations. Webmail will be implemented (even, I shudder to say, OWA)=20
because we haven't yet made VPNs fully portable.

If you have to use OWA, I'd use one of the mail firewalls out there=20
(BorderWare or IronMail, for example) in front of it. Something like
that=20
gives you a break in the chain between your MaxiSoft servers and the
World,=20
and a dev team to maintain it and pester when you feel antsy.

-cheers!

-chris


Chris Blask
chris@blask.org
blaskworks.blogspot.com


_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards