brokenhalo
IS-IT--Management
Hello all:
To make this brief, my colleague and I are possibly looking to replace our current ISA/TMG firewalls and have them replaced with something different given the recent news about Microsoft discontinuing the Forefront products. So now that the planning wheels are in motion, I am trying to think of some good alternatives that do all the things that ISA/TMG does.
Some of the most specific features we need are...
[ul]
[li]Proxy/Reverse Proxy - To publish our Sharepoint, Lync, OWA etc and URL rewriting[/li]
[li]User VPN termination[/li]
[li]Site-to-site VPN[/li]
[li]Simple 3-leg DMZ[/li]
[li]Application Firewall (packet inspection)[/li]
[/ul]
Almost any firewall (device or software) can accomplish the last 4 bullet items listed above, but I am having trouble finding a hardware device that can provide a web front-end (NTLM Authenticated) for our MS applications like ISA/TMG. Some research shows that some of the newer Sonicwalls with the v3.5+ firmware can support OWA, but uncertain about Sharepoint.
On a second note, some other resource about some open-source products that can do what we need would be a Pound server, but several forums reported some people having major issues with either passing NTLM authentication or random session hijacks in OWA. Some others have reported using Apache with ModSecurity for reverse proxy, but I am skeptical.
So my question is - has anyone here set up an environment similar to what I've described and if so, what is the best way to do it? Is there a hardware device that can do everything (preferable) or a hardware firewall + an additional open-source, reverse-proxy device that can handle the rest? Thanks, as always.
Brad L.
Network Engineer
Pcubed
"Some things Man was never meant to know. For everything else, there's Google."