ISA Alternative.

BoomAM · 7 Sep 2011 at 11:59

Hi,
Without anyone coming back with "any firewall", can anyone suggest a good alternative to ISA that allows the website presentation in the same way that ISA does it?
And dont say TMG

Basically every firewall can firewall, can NAT, can route, etc; but i can only find ISA that will allow me to have multiple external addresses and multiple external domains per address, that then filter and pass through to the relevant internal servers.

There's got to be another product out there that does that...?

Thanks in advance all.

sidethink · 7 Sep 2011 at 14:47

It sounds like you are more interested in the Reverse Proxying features of ISA/UAG/TMG rather than firewalling. ISA is hard to compete with (in cost terms) when you consider all of the different jobs it can do (firewall, caching, two way proxying etc.), flexibility is probably its biggest selling point and also what draws the largets criticism from certain circles.

You also don't mention why you are dissatisfied with ISA - if used carefully it is an excellent product. Why do you want to change? Can you cope with potentially having separate boxes carrying out discrete tasks?

To answer your question though, there are a number of other Reverse Proxies available; Barracuda Web Application Firewall and Citrix Netscaler ADC are two that I have seen used for this purpose. However, they won't do lots of the other things that ISA will do for you as well. There are lots of others; Bluecoat ProxySG, Netcache etc. These are normally pitched at outfits with performance problems but they all do reverse proxying.

As a cheaper alternative, you can configure Squid as a reverse proxy (amongst other things).

BoomAM · 7 Sep 2011 at 16:32

sidethink said:
You also don't mention why you are dissatisfied with ISA - if used carefully it is an excellent product. Why do you want to change? Can you cope with potentially having separate boxes carrying out discrete tasks?

Thanks for the info.
Its not that I'm/we're dissatisfied with ISA, its that I'm looking at alternatives so I'm not just plumping for TMG for the sake of it. Want to see if there's anything better out there.

One of the advantage of ISA is that it can hide a web server behind its own login screen rather than direct on the server being accessed. Can the products you have mentioned do that?

atomiser · 7 Sep 2011 at 18:08

the citrix netscaler application switch is a very versatile product, and yeah you can apply aaa to a lbvserver if you wish. we'll be using the netscalers to front all of our internet facing services in the future.

Nikumba · 12 Sep 2011 at 10:35

I have looked at alternatives for ISA but the price to features have found it can not be beaten

Kimbie

sushi · 14 Sep 2011 at 23:19

might want to take a look at BigIP from F5 networks.

wabbit347 · 15 Sep 2011 at 13:50

F5 products might do what you want, also might be worth having a look at Zeus's product lines. Their Local traffic manager might do what you need too.

Biffa · 16 Sep 2011 at 02:34

Astaro will do reverse proxying plus a hell of a lot more if you need it to.