On Tue, 2005-11-15 at 12:40 -0800, Jim Harrison (ISA) wrote: > Of the two mentioned, only CP comes near ISA's ability to inspect the > traffic and only ISA can handle RPC traffic without having to push the > openaport button.
Would have to agree with this, if you need to use and properly control some sort of RPC based application then ISA all the way, the RPC manageability is unchallenged by any other firewall. Like Jim said, look at the traffic carefully and decide what you need. ISA and CP whilst excellent products might be overkill for your requirements and something smaller might be useful. It's worth noting that you can get ISA as an Appliance, but personally I generally steer clear of appliances, for the following reasons: Upgrade usually means entirely new box and often another software license. Patch management doesn't generally fit in with other systems, since the boxes usually have their own process. Also most of them have a very powerful operating system underneath which is only exposed to you via a limited interface. For example Borderware has an utterly useless interface but is a FreeBSD system at it's core and it pretty much runs on standard PC hardware (it comes with a DVD drive!). My only argument for appliances is "Nokia boxes look cool in a rack". -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue "He who hingeth aboot, geteth hee-haw" Victor - Still Game blog: http://reboot-robot.net sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
smime.p7s
Description: S/MIME cryptographic signature
