[chillyjim]

There are two basic types of firewalls, packet filtering (Check Point, PIX, Netscreen) and proxying (ISA, Sidewinder). Web Caching is not an enterprise firewall feature, in the same manor anti-virus is not viable in an enterprise size firewall.

At no point did I say windows was not secuereable, that would be a different thread. I agree that it is, if you truly know what you are doing.

As for ISA taking over the security world it has an uphill battle for several reasons, some valid some not so valid

1. perception of MS being anti-security

2. Scalability, it doesn't scale to large enterprise very well

3. Interoperability -- The main reason to use ISA over anything else right now (not including HP's appliance) is the proxying features that tie into AD and NTLM Auth. If you have to support anything but Windows systems this functionality is a loss.

4. Manageability -- Ok I don't like the management interface even for one ISA server, I find it very confusing. Too many steps to do anything, much like Juniper's. That said it currently doesn't scale to managing multi-site ISA deployments.

For the record, I don't maintain my MCSE anymore but I do maintain my MS Security cert. I have also been a MS beta tester sense 1988. Vista is their first OS I haven't been involved with a major Beta of due to time restraints.

You will find I am an equal-opportunity OS complainer. Right now I mostly like my Mac Book Pro and OSX, but it still frustrates me. I really like the security model in NT, though the implementation isn't great. I am a big fan of the flexibility and scalability of LINUX and I really like the OS/HW tools available in Solaris. Most of all I think VMS was the best designed OS and would have been much happier with NT had they not went for a glitzy port of it and keep the VMS developers around post 4.0.

If you would like to discus pros and cons of asst'd non-CP firewalls and OS's there is an off-topic section of this forum available for such threads.