Thu, Aug 19 2004 12:48 bradley

Why do you still want ISA Server 2000 after XP sp2's firewall....

Stealing post from Jim Behning for the blog:

I was at an account troubleshooting an FTP on one of the member servers. I did a speed test at toast.net and was only getting 200k. I was not happy. I looked in ISA and saw who had sessions running. I went to all the machines and asked them to stop. One of the users had nothing open on her machine. She was reading a book or something. I went back to the server and she was still showing up. I went back to her machine, from add/remove I yanked out all non-work-related stuff. I went into the registry and yanked out all bad run lines and all software keys that were known junk. I ran Process Explorer and killed the malware/spyware processes so I could delete the folders for save/searchbar and junk like that. I rebooted the workstation and she said that was the fastest she ever saw that machine go. The server was able to do a 1 meg download. All that just because I could read some logs in ISA.

In ISA I can ban certain types of downloads and access to certain websites. I can give users internet bandwidth priority. Users that do real research get high priority while people known to goof off get real low bandwidth priority.

I hate installing SBS basic with no ISA because ISA is such a great tool for troubleshooting problems and preventing them.

For more info on ISA go to www.isaserver.org, one of the best sites to see how people do stuff with ISA. There is a great article by Tom about what ISA is versus other firewalls.

Note that ISA can run for years with no touching. If you want to touch it to see what is happening then it is a great tool to have. I really miss it at the few accounts I have that do not have it.

SP2 fixes lots of things in XP. Just having a popup blocker reduces the opportunity for malware to get on a machine. But SP2 has more. Microsoft has more info on their website about what SP2 is about.

Windows XP Service Pack 2 Resources for IT Professionals:
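The cleanup Jim describes on the slow workstation (pulling junk out of the Run keys, then finding and killing the spyware processes) is the kind of check a defender can script instead of eyeballing. The following is an added example, not code from the post, from ISA Server or from Process Explorer: a PowerShell script that lists the Run/RunOnce autostart entries and the running processes and flags any whose executable is missing or lives outside the Windows and Program Files directories. The trusted-root list and the "suspicious" heuristic are this example's own assumptions; a flagged line is a prompt to look closer, not a verdict.

```powershell
# Added example (not from the original post): enumerate autostart "Run"
# entries and running processes and flag items worth a second look.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories where properly installed software normally lives.
# This list is an assumption for the example; adjust it to the environment.
$trustedRoots = @("$env:SystemRoot", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

function Get-CommandPath {
    param([string]$CommandLine)
    # Pull the executable out of a Run value such as "C:\dir\app.exe" /flag
    if (-not $CommandLine) { return $null }
    if ($CommandLine -match '^"([^"]+)"') { return $Matches[1] }
    return ($CommandLine -split '\s+')[0]
}

function Test-Suspicious {
    param([string]$Path)
    if (-not $Path) { return $true }                                 # nothing to inspect
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $expanded)) { return $true }    # points at a missing file
    foreach ($root in $trustedRoots) {
        if ($root -and $expanded.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
            return $false
        }
    }
    return $true   # runs from a profile, temp or other unexpected directory
}

'== Autostart (Run/RunOnce) entries =='
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own provider properties
        $exe = Get-CommandPath $p.Value
        [pscustomobject]@{
            Key        = $key
            Name       = $p.Name
            Command    = $p.Value
            Suspicious = Test-Suspicious $exe
        }
    }
}

'== Running processes whose image is outside the trusted roots =='
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and (Test-Suspicious $_.ExecutablePath) } |
    Select-Object ProcessId, Name, ExecutablePath, CommandLine
```

Run it in an elevated session so the HKLM keys and every process's image path are readable. The output is meant to be reviewed by a person before anything is removed: a vendor updater that installs under the user profile will show up as suspicious, and a malicious binary dropped into Program Files will not, so treat the flag as a starting point for the same manual look Jim took.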
Thursday, August 19, 2004 8:54 PM by bradley

Great! I feel the same way when there isn't an ISA firewall protecting the network. I had a conversation with an enterprise admin for a fairly large satellite communications company last week and he said he had reservations putting a "software firewall" at the edge of the network. I said that sounds good and that we'll work well together, because I would never even plug my laptop into a network that had only a packet filter like PIX "protecting" it! We had a good laugh and he realized that he had swallowed the "hardware" firewall pill.

If you think there is still some "hardware firewall" marketing poisoning in your system, then check out:


I also agree with ISA not requiring touching. On one of the gateways in our office (won't tell you how many we have :-) there is an ISA firewall that was set up in January 2001. It has been restarted a couple of times for reasons I don't recall, but running uptime.exe shows:

\\exetert2 has been up for: 177 day(s), 16 hour(s), 1 minute(s), 44 second(s)

(and don't give me any bunk about hotfixes, I'll get around to installing them when I have time ;-)

Finally, the Windows Firewall (see ICF) is a HOST BASED firewall -- the ISA firewall is designed to be a NETWORK firewall. Host based firewalls and network firewalls are two completely different animals which serve some common, but mostly different purposes.

OK, that's enough writing for free today :-))