ISA grumble grumble grumble. Mine has a mind of its own.
ISA will do this out of the box. IPCop will do this with the relevent addons.Originally Posted by ranj
Your choice really depends on how much you want to spend and what your skillset is. If you are not adverse to Linux then this is the more cost-effective solution and there are many alternatives - IPCop, Smoothwall (which also has commercial support - PM Tom Netwon), Endian Firewall and of course you could 'roll your own'.
ISA grumble grumble grumble. Mine has a mind of its own.
Eh? But I though you were nix man Chris. Why aren't you using one the packages Ric has suggested.Originally Posted by ChrisH
Im a big fan of ISA Server
To be honest I only use it because 2000 was at the school when I joined and I logically upgraded to 2004.
Its a very good and secure product, I'm sure Linux could do just as good a job or better, but until I get time to learn it properly and evaluate solutions Im fine with ISA
Only problem is that when the LEA changed their own proxy, ISA started having major problems - massive slowdown and returning random websites, whatever you typed in. Since then we've been using it in a highly botched state to get it to an acceptable speed, and have lost the ability to authenticate users, so we have also lost most of the useful functionality
Over the summer I intend to totally reinstall it and play around with it until it works properly *hopefully*
I have ISA but its not fully implemented because it drives me up the wall. I currently have Censornet V3 doing my firewalling but was getting a little sick of writing custom firewall rules for anything exotic so I thought I would give ISA a go as most of the services I was going to be publishing were windows based.Originally Posted by ITWombat
Thing is that I end up starting the firewall 2 or 3 times to get a rule to work. Best example is a forwarding of remote desktop. I have a rule that lets me through to a remote desktop which works fine. However if I change that IP to a correct IP address of another machine the dam thing doesn't work!!!! There is obviously something wrong with the install but I cant think why as its a pretty simple setup so far.
I have use Smoothwall/IP Cop in the past as well as shorewall. I was just hoping for something that would do as it was told as that git Ric told me it worked well for him .
You can use NTLM authentication with linux proxies yes M$ products may work better this way as they have it natively built into them.We have played with Linux proxy's, but found they all seem to want an Indent client installing on every machine if you want to use authentication
Ident is easily spoofed so is one of the last resort methods I'd choose.
I put some notes at http://techinfo.cnwl.ac.uk/Squid%20Proxy/ about how I've configured Squid running on Windows to do NTLM authentication and logging in a reasonably useful way (and help was given by people here to get that going).
We use ISA here (2 x 2004 servers and 1 x 2000) - it works well.
I'm intrigued by webman's comments; mrbios wrote that there was an ftp server which no-one cared about, not that he didn't care about Linux.
I wonder if Linux would have an even wider take up if there wasn't almost religious zealotry and bigotry surrounding it. I don't find comments like these helpful (nor do I like the snide use of "M$" as an abbreviation for Microsoft) and, in my opinion, spoils what should be a professional forum.
^ No MrBios said he doesnt care to *learn* linux. (And that theres a NAS that no-one cares about)
Personally id recommend learning linux as it will always be useful. Near enough anything "web" runs on linux. Its free, easy to learn, well documented, and most of all far quicker and more stable than windows.
i want to learn it eventually but at the moment i have absolutely no motivation to learn something that goes straight over my head
had a staff review recently and im going to get some linux training in the future, but for now i think id like to add ISA server to my skill set for ease of use, thing with microsoft products is there so easy to pick up and go, i cant just trial and error things in linux because i have to know command line stuff for it (trial and error being my primary way of learning )
^ Thats how i learned linux, that and like ive mentioned its *extreamly* well documented. I dare say if your willing to pay for books MS is better documented but if your just browsing the web looking for info its linux all day long.
Plus you dont need to learn any linux to use the pre-built proxes, and i honestly mean it; put cd in, follow onscreewn instrucions (hostname, ip address, the usual) and away you go.
You can obviously use a web browser, so you can configure a linux proxy as they are all web/browser based
But your obviously willing to pay money, how much ISA cost i wouldnt know, but Smoothwall School guardian could be an option as it extreamly easy to use and also has support
The only bit anyone has trouble with is getting the proxy to authenticate against AD, but if you go for smoothwall i know they'll be able to guide you through it.
j17 thats what I like about ISA server - there is an excellent book by Tom Shinder which goes into an amazing amount of detail and its good to have that amount of reference available without having to go searching or rely on forums - especially in an emergency
I know you dont need Linux knowledge for the pre built proxies but as soon as something was to go wrong Im guessing it would be a massive advantage? As I assume asking for help on Linux forums (or here) would bring suggestions of command line stuff
I will definately learn Linux properly at some point in the near future though, as I would like to try out so many apps that run on it
Btw on the cost of ISA - when we bought 2004 the educational price was extremely good compared to the RRP. Even the RRP makes it a much cheaper solution than a hardware firewall but obviously a lot more expensive than Linux
I think there's a certain category of people for whom the docs available for Linux are good and then there's people like me who find them an absolute nightmare! All too often, you find stuff which just reproduces the man pages or something similar - screen after screen descending pretty much into BNF descriptions of the options when a few simple examples could make it much clearer.Originally Posted by j17sparky
Of course you can just use a pre-built proxy but once you want to do more then you have to understand more of what's going on. The same is pretty much true of ISA server; it's all GUI and wizard driven but using more complex features needs more learning.
You don't need to spend money on books for MS software; Tom Shinder was mentioned for his book on ISA server - his web site contains a mass of info which can help.
MS ISA obviously costs more than (say) Squid on Linux/Unix but it's not a huge amount of money; certainly the hours I spent trying to get Squid working in the way I wanted cost far more than just buying another copy of ISA server (but I did want to try and understand more about Unix type software so I persevered!)
There are currently 1 users browsing this thread. (0 members and 1 guests)