Replacement for ISA


Hi guys and girls

When selling SBS2003, ISA was an awesome product.  We love the ability 
to block AD users / AD Groups or individual PCs from certain services, 
websites, etc.
Since 2008 doesn't include ISA, we are looking for alternatives.

We are looking at using ISA 2006, and the effect on costs, etc, vs using 
a hardware device or other software.

Previously on SBS 2003 with ISA, we would use a cheap consumer grade modem.

What do you use? brand, model, why and cost?

The main requirements are:

Ability to allow / deny services based on AD Username,  AD Group, and IP 
address (EG: maintenance group doesn't have internet access, sales have 
restricted (whitelist) access, management is unrestricted - except for 
bob who has none... etc);
Ability to allow / deny services based on time (EG: facebook is 
accessible, but only between 12-1pm)
Ability to create some sort of reports for websites visited, traffic 
reports (why did IP x.x.x.x send 12Gb of data in the last month?).

Preferably:

Managed by us, as opposed to a third party;
Windows based (we are solely an MS shop)
Caching of websites

Like I said... we are investigating using ISA 2006, as this fits all the 
requirements, but just looking what else is possible.
0
Reply Steven 3/27/2010 7:13:14 AM

Rather than use ISA 2006, I'd be inclined to use the newer version, TMG 
2010. (Threat Management Gateway is the new name for ISA)

It does require a 64-bit version of Windows underneath, but it has some 
really nice new features, including support for dual WANs, either as 
failover or load balancing.

-- 
Charlie.
http://msmvps.com/blogs/russel




"Steven Andrews" <Applecontrolreset@hotmail.com> wrote in message 
news:OS9ei0XzKHA.4384@TK2MSFTNGP06.phx.gbl...
> Hi guys and girls
>
> When selling SBS2003, ISA was an awesome product.  We love the ability to 
> block AD users / AD Groups or individual PCs from certain services, 
> websites, etc.
> Since 2008 doesn't include ISA, we are looking for alternatives.
>
> We are looking at using ISA 2006, and the effect on costs, etc, vs using a 
> hardware device or other software.
>
> Previously on SBS 2003 with ISA, we would use a cheap consumer grade 
> modem.
>
> What do you use? brand, model, why and cost?
>
> The main requirements are:
>
> Ability to allow / deny services based on AD Username,  AD Group, and IP 
> address (EG: maintenance group doesn't have internet access, sales have 
> restricted (whitelist) access, management is unrestricted - except for bob 
> who has none... etc);
> Ability to allow / deny services based on time (EG: facebook is 
> accessible, but only between 12-1pm)
> Ability to create some sort of reports for websites visited, traffic 
> reports (why did IP x.x.x.x send 12Gb of data in the last month?).
>
> Preferably:
>
> Managed by us, as opposed to a third party;
> Windows based (we are solely an MS shop)
> Caching of websites
>
> Like I said... we are investigating using ISA 2006, as this fits all the 
> requirements, but just looking what else is possible. 

0
Reply Charlie 3/27/2010 3:59:33 PM


        If you like ISA that much, consider a firewall appliance running 
ISA-- they do exist. I've never actually tried one, but it might be 
worthwhile.

"Steven Andrews" <Applecontrolreset@hotmail.com> wrote in message 
news:OS9ei0XzKHA.4384@TK2MSFTNGP06.phx.gbl...
> Hi guys and girls
>
> When selling SBS2003, ISA was an awesome product.  We love the ability to 
> block AD users / AD Groups or individual PCs from certain services, 
> websites, etc.
> Since 2008 doesn't include ISA, we are looking for alternatives.
>
> We are looking at using ISA 2006, and the effect on costs, etc, vs using a 
> hardware device or other software.
>
> Previously on SBS 2003 with ISA, we would use a cheap consumer grade 
> modem.
>
> What do you use? brand, model, why and cost?
>
> The main requirements are:
>
> Ability to allow / deny services based on AD Username,  AD Group, and IP 
> address (EG: maintenance group doesn't have internet access, sales have 
> restricted (whitelist) access, management is unrestricted - except for bob 
> who has none... etc);
> Ability to allow / deny services based on time (EG: facebook is 
> accessible, but only between 12-1pm)
> Ability to create some sort of reports for websites visited, traffic 
> reports (why did IP x.x.x.x send 12Gb of data in the last month?).
>
> Preferably:
>
> Managed by us, as opposed to a third party;
> Windows based (we are solely an MS shop)
> Caching of websites
>
> Like I said... we are investigating using ISA 2006, as this fits all the 
> requirements, but just looking what else is possible. 


0
Reply Andrew 3/27/2010 9:23:00 PM

If you want something with AD Integration and provides not only the 
security features of ISA but Universal Threat Management (UTM) like AV, 
Spam Management, Anti-Malware, Content Management, etc.  I'm a big fan of 
Calyptix Access Enforcer.   No per user licensing, like some other UTM 
devices

-- 
Cris Hanna [SBS - MVP] (since 1997)
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

"Steven Andrews" <Applecontrolreset@hotmail.com> wrote in message 
news:OS9ei0XzKHA.4384@TK2MSFTNGP06.phx.gbl...
> Hi guys and girls
>
> When selling SBS2003, ISA was an awesome product.  We love the ability to 
> block AD users / AD Groups or individual PCs from certain services, 
> websites, etc.
> Since 2008 doesn't include ISA, we are looking for alternatives.
>
> We are looking at using ISA 2006, and the effect on costs, etc, vs using a 
> hardware device or other software.
>
> Previously on SBS 2003 with ISA, we would use a cheap consumer grade 
> modem.
>
> What do you use? brand, model, why and cost?
>
> The main requirements are:
>
> Ability to allow / deny services based on AD Username,  AD Group, and IP 
> address (EG: maintenance group doesn't have internet access, sales have 
> restricted (whitelist) access, management is unrestricted - except for bob 
> who has none... etc);
> Ability to allow / deny services based on time (EG: facebook is 
> accessible, but only between 12-1pm)
> Ability to create some sort of reports for websites visited, traffic 
> reports (why did IP x.x.x.x send 12Gb of data in the last month?).
>
> Preferably:
>
> Managed by us, as opposed to a third party;
> Windows based (we are solely an MS shop)
> Caching of websites
>
> Like I said... we are investigating using ISA 2006, as this fits all the 
> requirements, but just looking what else is possible.

0
Reply Cris 3/28/2010 6:32:04 PM

        I was just thinking about this some more and wanted to add my own 
question. One of the things we like most about ISA 2004 is the SQL logging. 
Just last week we were asked to pull the logs for a user who left the 
company (fortunately we still had SBS 2003 with ISA 2004 there); ISA makes 
that easy. I just tried to set up a syslog server on a Sonicwall, and while 
it's better than nothing, it doesn't seem to be quite as good as the ISA/SQL 
combination. I feel as though I'm going back to ISA 2000's text logs. Can 
anyone recommend a good syslog daemon with SQL integration so that I can 
easily ask for every access from a particular workstation?

"Steven Andrews" <Applecontrolreset@hotmail.com> wrote in message 
news:OS9ei0XzKHA.4384@TK2MSFTNGP06.phx.gbl...
> Hi guys and girls
>
> When selling SBS2003, ISA was an awesome product.  We love the ability to 
> block AD users / AD Groups or individual PCs from certain services, 
> websites, etc.
> Since 2008 doesn't include ISA, we are looking for alternatives.
>
> We are looking at using ISA 2006, and the effect on costs, etc, vs using a 
> hardware device or other software.
>
> Previously on SBS 2003 with ISA, we would use a cheap consumer grade 
> modem.
>
> What do you use? brand, model, why and cost?
>
> The main requirements are:
>
> Ability to allow / deny services based on AD Username,  AD Group, and IP 
> address (EG: maintenance group doesn't have internet access, sales have 
> restricted (whitelist) access, management is unrestricted - except for bob 
> who has none... etc);
> Ability to allow / deny services based on time (EG: facebook is 
> accessible, but only between 12-1pm)
> Ability to create some sort of reports for websites visited, traffic 
> reports (why did IP x.x.x.x send 12Gb of data in the last month?).
>
> Preferably:
>
> Managed by us, as opposed to a third party;
> Windows based (we are solely an MS shop)
> Caching of websites
>
> Like I said... we are investigating using ISA 2006, as this fits all the 
> requirements, but just looking what else is possible. 


0
Reply Andrew 4/3/2010 7:33:43 PM
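
An added example, not part of any post in this thread: one way to get the "every access from a particular workstation" query described above, and the per-IP traffic report from the original requirements, by loading firewall syslog lines into SQL. The key=value field names (time, src, dstname, sent, rcvd) and the sample lines are assumptions constructed for illustration, not a documented Sonicwall format, and SQLite stands in for whatever SQL server is used.

```python
import re
import sqlite3

# Constructed sample lines in an assumed key=value syslog style (not real logs).
SAMPLE = [
    'time="2010-04-01 09:14:02" src=192.168.16.21 dst=203.0.113.10 dstname=www.example.com sent=512 rcvd=20480',
    'time="2010-04-01 12:05:40" src=192.168.16.34 dst=203.0.113.25 dstname="files.example.net" sent=7340032 rcvd=1024',
    'time="2010-04-02 12:31:11" src=192.168.16.21 dst=203.0.113.25 dstname=files.example.net sent=2048 rcvd=4096',
    'this line is malformed and is skipped',
]

PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = {"time", "src", "dstname", "sent", "rcvd"}

def parse(line):
    """Return the line's key=value fields as a dict, or None if it is unusable."""
    rec = {k: v.strip('"') for k, v in PAIR.findall(line)}
    if not REQUIRED <= rec.keys():
        return None
    try:
        rec["sent"], rec["rcvd"] = int(rec["sent"]), int(rec["rcvd"])
    except ValueError:
        return None
    return rec

def load(lines):
    """Create an in-memory database and insert every line that parses."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE access (time TEXT, src TEXT, dstname TEXT, sent INTEGER, rcvd INTEGER)")
    rows = [r for r in map(parse, lines) if r]
    db.executemany("INSERT INTO access VALUES (:time, :src, :dstname, :sent, :rcvd)", rows)
    db.execute("CREATE INDEX idx_src_time ON access (src, time)")
    return db

def accesses_from(db, src):
    """Every access from one workstation, oldest first (parameterised query)."""
    sql = "SELECT time, dstname FROM access WHERE src = ? ORDER BY time"
    return db.execute(sql, (src,)).fetchall()

def bytes_sent_by_source(db):
    """Total bytes sent per source address, largest first."""
    sql = "SELECT src, SUM(sent) FROM access GROUP BY src ORDER BY SUM(sent) DESC"
    return db.execute(sql).fetchall()

if __name__ == "__main__":
    db = load(SAMPLE)
    print(accesses_from(db, "192.168.16.21"))
    print(bytes_sent_by_source(db))
```
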

Hello,

Thanks for your post and others' input.

In addition to Charlie's recommendation, more information can be found here about TMG 2010:

Forefront Threat Management Gateway (TMG) 2010
http://technet.microsoft.com/en-us/library/ff355324.aspx

In case you need it, this document written by Microsoft MVP Eriq Oliver Neale outlines the steps necessary to install and configure ISA Server 2006 and to configure Windows SBS 2008 to work with ISA Server 2006 as the external firewall.

Deploying Microsoft Internet Security and Acceleration (ISA) Server 2006 with Windows Small Business Server 2008
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=7f341602-d2d0-45f5-bad0-bd5af3ed39fd

Hope this helps.



Best regards,
Robbin Meng(MSFT)
Microsoft Online Newsgroup Support

==================================================================
Please post your SBS 2008 related questions to the SBS newsgroup on Connect website:
https://connect.microsoft.com/sbs08/community/discussion/richui/default.aspx 

Please post your EBS related questions to the EBS newsgroup on Connect website:
https://connect.microsoft.com/ebs08/community/discussion/richui/default.aspx 

If you want to use a newsreader other than a web forum to access these newsgroups, 
please refer to the following blog to apply NNTP password and configure a newsreader:
http://msmvps.com/blogs/bradley/archive/2008/11/02/signing-up-for-the-sbs-2008-newsgroups.aspx
==================================================================
When responding to posts, please "Reply to Group" via your newsreader so 
that others may learn and benefit from your issue. 
==================================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
==================================================================



0
Reply v 4/9/2010 8:31:35 AM

Eriq's document is quite useful, and should be useful for TMG 2010 as well, 
though it isn't exactly the same steps. But conceptually the same.

-- 
Charlie.
http://msmvps.com/blogs/russel




""Robbin Meng [MSFT]"" <v-robmen@online.microsoft.com> wrote in message 
news:$vp2U871KHA.2104@TK2MSFTNGHUB02.phx.gbl...
>
> Hello,
>
> Thanks for your post and others' input.
>
> In addition to Charlie's recommendation, more information can be found 
> here about TMG 2010:
>
> Forefront Threat Management Gateway (TMG) 2010
> http://technet.microsoft.com/en-us/library/ff355324.aspx
>
> In case you need it, this document written by Microsoft MVP Eriq Oliver Neale 
> outlines the steps necessary to install and configure ISA Server 2006 and 
> to configure Windows
> SBS 2008 to work with ISA Server 2006 as the external firewall.
>
> Deploying Microsoft Internet Security and Acceleration (ISA) Server 2006 
> with Windows Small Business Server 2008
> http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=7f341602-d2d0-45f5-bad0-bd5af3ed39fd
>
> Hope this helps.
>
>
>
> Best regards,
> Robbin Meng(MSFT)
> Microsoft Online Newsgroup Support
>
> ==================================================================
> Please post your SBS 2008 related questions to the SBS newsgroup on 
> Connect website:
> https://connect.microsoft.com/sbs08/community/discussion/richui/default.aspx
>
> Please post your EBS related questions to the EBS newsgroup on Connect 
> website:
> https://connect.microsoft.com/ebs08/community/discussion/richui/default.aspx
>
> If you want to use a newsreader other than a web forum to access these 
> newsgroups,
> please refer to the following blog to apply NNTP password and configure a 
> newsreader:
> http://msmvps.com/blogs/bradley/archive/2008/11/02/signing-up-for-the-sbs-2008-newsgroups.aspx
> ==================================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ==================================================================
> This posting is provided "AS IS" with no warranties, and confers no 
> rights.
> ==================================================================
>
>
> 

0
Reply Charlie 4/10/2010 2:46:17 PM

6 Replies
263 Views
