Quote Originally Posted by mrforgetful
But you can't deny it's always good practise to have more than one thing to hack, and even better if they're different manufacturers.
Yes its a good idea to have first firewall on the outer ring to filter the usual really crap traffic but for intelligent filtering and stateful inspection ISA server is a very good product. The way we got it setup is that our cisco 2611XM router with the usual rules setup filter the grabage and then it hits isa so yes we do have outer and inner ring firewall. What i was saying is that you don't need to go for the expensive option on the outer there are cheaper options i.e. cisco 2611xm router with IOS that has firewall feature set say for example. This damn cheaper than the ASAs.

Ash.