I am in charge of researching a firewall to replace what we currently
have. At my previous job I had used Microsoft ISA in a low-security
environment, and was happy with its features, and its integration with
the Windows environment there. However, at my current job, security is a
much greater concern, and I have to admit, I am somewhat uneasy running a
Microsoft firewall product on top of a Microsoft OS. We also had
investigated Checkpoint as well as Cisco Pix, and found that for our
needs, the Pix at least seemed to need _many_ separate components for the
same functionality. My question is what are your experiences with using
ISA from a security standpoint? Usability issues? From the Mac end? Or
would we be better off pursuing the Checkpoint or the Pix solution? We
also plan on implementing VPN over whatever we choose, so if you
recommend something other than these, it should support at least PPTP and
perhaps eventually IPSec/L2TP. We have also considered placing ISA
behind a Linux (or BSD) IP Chains firewall and our perimeter network to
block some of the traffic from getting to ISA. Any comments here? Thanks
to everybody in advance!