2006 ISA Firewall New Feature Contest
ISA 2006 is soon going to be available to the general public and this is a good time for you to get to know the new and improved features included in the new ISA firewall. At this time, the www.microsoft.com/isaserver site isn’t providing much information about what’s new and cool in the ISA firewall, so it’s hard to determine whether it’s worth the upgrade. I’ll tell you now, the new ISA firewall is worth the upgrade!
How do I know? Because I’ve identified over 40 new or improved features included in the 2006 ISA firewall. That’s forty reasons for you to upgrade. But do you know what those new features are? You won’t find them in the Help file that comes with the ISA Server 2006 downloadable trial version, and you won’t find them anywhere on the Microsoft Web site. You’re going to have to figure them out on your own or wait until our ISA Server 2006 book comes out later this year.
Until then, I want to motivate you to find these new features yourself. First, download the Trial version of the new ISA firewall and get it installed. Download the Enterprise Edition because that’s the one with the most new and improved features (although SE has a lot of new and improved stuff too!). Then identify at least 20 new and improved features and email me that list.
If you’re one of the first three people to email me a list of 20 or more new and improved features seen in ISA 2006, I’ll send you a copy of our ISA 2006 book when it comes out, or if you can’t wait, I’ll send you a copy of our new ISA 2004 book (Cheating at Configuring ISA Server 2004).
Send your list of new and improved features to tshinder@isaserver.org
Thanks!
Tom
Diego Pietruszka Says:
August 8th, 2006 at 1:09 pm
- Better AD integration
- Better compression scheme
- New policy tools
- Auto Configuration features
- Better support for Monad scripting
- New MOM management pack
- Improved Attack alerts
- Better Attack detection tools
- The server publishing is much better
- Owa wizard publication
- Digital certificates
- Publishing exchange ask for exchange version
- Web farm publishing
- Include a 64 bits client
- Sharepoint tools
- Branch office functionality
- Flood and Worm Resiliancy
- BITS caching
- You need to do mork work to configure a Web Listener
- Better than ever (I hope this one count)!
Steven Hope Says:
August 9th, 2006 at 6:03 am
There are some “new” features that have also been put back into ISA 2004 in SP2, which I think more people should know about. So, apart from:
- BITS caching
- HTTP compression (with fixes)
- Bandwidth management for HTTP (which isn’t used much)
… ISA 2006 also has:
- Flexible forms based authentication filter (not just for exchange)
- More wizards for publishing SharePoint
- Updated wizards to include RPC/HTTP (oops, Outlook Anywhere access as its now called)
- Web single sign on
- RADIUS one time password authentication - saves the bacon of 2 factor auth companies
- User objects allowed from LDAP namespace
- VERY flexible authentication delegation e.g. forms/basic/certificate to Kerberos (and many more combinations)
Strange new things:
- For some bizarre reason a “Server publishing rule” is now a “non-web server protocol publishing rule” - sheeeesh!
- There is no longer a “Firewall Client” option in the setup, it’s just vanished. The binaries don’t seem to be included in the serve install either but there is a client folder on the installation CD - MSFT, why did you do this???
I don’t want to focus on the dark side as ISA 2006 is great, but we are still missing:
- 1:1 NAT - for some reason MS don’t realise that every other firewall, even low cost silly ones, can do this and ISA needs to also!
- VPN access based on VPN protocol (either PPTP or L2TP/IPSEC), you can do this already in RRAS but not in ISA.
- AES encryption for VPN’s - again MS need to play catch up on the basic infrastructure.
- Central management for ISA SE
- Simple certificate wizard for requesting certs and generation self signed ones, a bit like SBS and Exchange 2007 can do.
It’s not 20 I know, but I’ve already got the book
Steven Hope
Architectural Consultant
ViRCOM
Microsoft Gold Certified Partner
Web: www.vircom.co.uk
Email: steven@vircom.co.uk
Blog: http://spaces.msn.com/members/stevenhope
Thomas Shinder Says:
August 9th, 2006 at 7:07 am
Hi Deigo,
Close, but you need to be more specific on many of these. Check the email I sent to the mailing list.
Tom
Thomas Shinder Says:
August 9th, 2006 at 9:02 am
OK, folks. We have one winner already. There are still two more books to win!
Thanks!
Tom
Sam Price Says:
August 9th, 2007 at 2:30 pm
ISA 2004 seemed the business after ISA 2000. The upgrade to ISA 2006 has made ISA 2004 start to seem a bit holey and unfinished. ISA 2006 fills in many of these gaps nicely. Here follows my (slightly plagiarised) list of swanky new ISA 2006 features…
Support of secure LDAP authentication rather than sniffable LDAP support
LDAPS for publishing authentication for to multiple forests making LDAP auth a secure, slick, and simple replacement for RADIUS/ RADIUS proxy services
Built in wizard for Exchange 2007 publishing
Built in wizard for Microsoft SharePoint publishing
Return of the VPN wizard, for branch office connections etc
VPN unattended answer file support
Supports single sign-on, if you visit web sites in the same domain and by the same web lisener you’ll use cached credentials rather than having to re-authenticate
Cross-Array link translation allowing published web sites across multiple arrays with global entries within the link translation dictionary
Ability to perform website load balancing on the cheap
Forms based authentication for all published web sites
Support for password changes on the log in page
Log on form warns users about pending password expiration
Better support for hardware SSL kit when using ms network load balancing
Lets you add multiple VIP’s through the web interface rather than having to configure your NIC
Improved flood resiliency, i.e. more options
Log throttling to protect the server from DOS against itself
Web Publishing Load Balancing with cookie-based affinity for Integrated NLBS
Better certificate management and Link translation
Support for published configuration storage servers
Improved MOM management pack
Logging supports logging the referring server for connections made to published servers
And for good measure, some things that have been removed…
ISA 2006 drops support for Windows 2000 as the host platform (no great loss there then)
ISA 2006 isn’t yet EAL4+ certified (come on ISA 2006, you can do it!)
Apologies to any writers of ISA books who may have been plagiarised in the making of this post…. at least I’ve bought your other books, which continue to save my bacon on most ISA installations!
Kind Regards
Sam
Tom Shinder Says:
August 9th, 2007 at 4:10 pm
Hi Sam,
It’s a great list! The contest has been over for awihle though
Tom
Sam Says:
August 13th, 2007 at 9:11 am
I’ve got to stop drinking and computing, it doesn’t seem to be a productive combination
I’ve just spotted the book on Amazon so will toddle off to get it.
All the best,
Sam