RebateMonger
Elite Member
- Dec 24, 2005
Originally posted by: dclive
....I don't think ISA Server 2004 is what most people would really consider a client-side firewall product in the same class as, say, Symantec Corporate FW.

(I'm MS Certified in ISA 2004). ISA 2004 is a Server-based firewall. It's a very good one and a very powerful one, but it isn't a client firewall. It won't keep a worm from spreading directly from one PC to another PC on the same subnet. It protects subnet from subnet, it protects from outside invasion, and it controls VPN and Wireless Clients. The ISA Firewall Client interacts with ISA to aid the client in its communication with ISA and allows ISA to control what the Client can and can't send and receive THROUGH ISA. Most companies don't even use the ISA Firewall Client, preferring the much-simpler NAT client or Proxy client that ISA also supports.
I have little familiarity with non-Microsoft client firewalls, other than removing them every chance I get. They cause me nothing but headaches when maintaining Small Business Server Networks. The PC owner clicks on the wrong answer and starts blocking critical communications with the Server.
My personal preference is to stick with Microsoft's XP SP2 firewall. It blocks INCOMING stuff just fine. In theory, as long as all the PCs are controlling incoming packets, you won't get anything that spreads across your entire network. And it's simple to turn on the "Don't allow exceptions" switch when traveling with a laptop.
Unlike many other client firewalls, SP2 doesn't, by default, block anything necessary for a functional Windows Server network. It's easy to create Group Policies to open additional holes if you have 3rd-party software that needs them. I can't imagine TURNING OFF the client firewalls when the PCs are inside the network. That's just asking for a worm to run rampant inside the network.