Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SonicWall Firewall appliance vs. ISA? 2

Status
Not open for further replies.
wahnula

wahnula

Technical User
Jun 26, 2005
4,158
US
Hello,

I had a local tech assist me in getting my Exchange via DDNS sorted out (I was 99.9% there, dammit!) and asked him to assist in ISA install & config of my SBS 2003 SP1 Premium server.

He offered me a pitch against ISA and towards a SonicWall TZ-170 appliance, that will handle A/V, Spyware and Stateful Packet Inspection Firewall, for $549 and renews at $20/seat per year. I think this price is kind of high but I like to stay local and if they sell it they support it for a year.

I would like to gather opinions on this as he is scheduled to return Jan 8th and either install the appliance or help get ISA going, depending on our decision. I am thrilled that it will handle client A/V duties as it stands now I renew Norton every year on every machine at $30 per seat.

Thanks all and have a wonderful Holiday season! I know I will, as I will not return to work until the 8th! [shadeshappy]

Tony
 
Sort by date Sort by votes
I would go for both - a hardware firewall gives me confidence and ISA server gives me caching and another layer of security
 
Upvote 0 Downvote
Pandster thanks for the reply. Suppose you lived in a world where you could only have one. Which would you choose? The tech's recommendation (MCSE) is to eliminate the 2nd NIC and use only the sonicwall for protection of intranet and Internet traffic. Thanks again and Happy New Year!

Tony
 
Upvote 0 Downvote
Tony, I can see benefits in each. I have a set up with multiple nics, run isa server 2004, and have a netgear fvx538 (cheap and cheerful) hardware firewall/vpn device. This works well for us but we have around 40 users. We also have a enterprise license for symantec which takes care of the spyware aspect. If you only have a few users and no spyware protection then I would be tempted by the sonicwall solution.
 
Upvote 0 Downvote
I know there's a lot of debate about this, but I prefer the single-NIC solution without ISA. More than a dozen of the deployments of SBS I've done have been single-NIC with either Watchguard or SonicWall devices providing security/AV screening.

I haven't had any reason to regret it, and for me, at least, I find it's easier to narrow down issues when I have the firewall running on a separate device.

ShackDaddy
Shackelford Consulting
 
Upvote 0 Downvote
Thanks all, decision has been made, Sonicwall it shall be. We don't run IIS or a web server of any sort, after my research (and your help) the decision was easier.

I always get suspicious when an outside tech makes a suggestion that costs $$$ every year to renew. Sometimes they can be like cable salesman, always trying to upsell. I have reached a comfort level with this particular tech and the fact that he is a MCSE meant I was getting a professional. The first tech they sent out was not (never installed ISA, I had more ISA experience than him LOL), so I threw him back and asked for the big fish. Same price, more knowledge, experience and trust.

As a lesson to SBS sysadmins, when you call for tech help make sure you are getting an SBS specialist or MCSE.

As a lesson to tech shops, listen to what your customer says, make sure you understand what they need. Many people are suspicious of upsells. This tech took 20 minutes (off the clock) to explain to me why the SonicWALL was so much better than ISA, as I already own ISA and had hired him to help install it I was quite suspicious when he started his spiel about sonicWALL.

Now I am glad he did!

Happy New Year!

Tony


 
Upvote 0 Downvote
UPDATE: Sonicwall went in today, we maintained the SBS structure and the 2 NICs, just replaced the D-link VPN/router. What a breeze! I feel safe enough now to open my server to the world. As a DIY sysadmin (I built all machines in the network, including the server and a laptop) I could really appreciate a true MCSE professional at work, laser fast. He configured OWA in about twenty seconds (without wizards) and had the sonicwall done in fifteen minutes, including moving the Tzo applet to the server.

He does not recommend ISA, but sensed my apprehension and left the SBS structure the same in the event I wanted to install it later. When someone with so much more knowledge than me talks, I listen.

I had him slip the PAE /3GB switch in boot.ini, four seconds. Fix W32Time errors, three seconds. Well worth the $$$ for the peace of mind and time saved...time is money!

You guys are gods, and have taken me as far as I felt comfortable. While this board is indispensable to me, my MCSE is just a phone call or email away. Thanks to all.

Tony
 
Upvote 0 Downvote
Glad you are in a good place, Tony. Sounds like you are doing great taking things up to a point, and then having some of the tougher stuff quickly polished off. I wish I had more clients like you.

ShackDaddy
Shackelford Consulting
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tviman
  • Locked
  • Question
Remote Apps vs Remote Desktop Connection
Replies
0
Views
196
tviman
tviman
AlfonsoSF
  • Locked
  • Question
Esplorer (not the internet browser) hangs in a user RDP session ins a W2016 vsphere virtual machine.
Replies
1
Views
236
hairlessupportmonkey
hairlessupportmonkey
Leozack
  • Locked
  • Question
LOGON SPEED : GPO settings vs script reg import etc
Replies
3
Views
368
Leozack
Leozack
ALVader
  • Locked
  • Question
Should firewall also be a ntp server
Replies
0
Views
179
ALVader
ALVader
DanielUK
  • Locked
  • Question
RPC server unavailable if Windows Firewall on, ok if off?
Replies
0
Views
151
DanielUK
DanielUK

Part and Inventory Search

Sponsor

Back
Top