Why is ISA bad with e-mail?

Hi, Roberta. What do you mean when you say it's a bad idea to use ISA with e-mail? SBS comes with only one option to run both services on one box. Are there any other options? Thanks!
It's always a bad idea to run any services on your firewall. A firewall should block access to machines on your network and it's always difficult to correctly configure the firewall to block access to services that may be running on the same computer as the firewall.

However, as you say, SBS comes with both Exchange and ISA Server -- and you can't separate them. In fact, opinion is split just about equally among SBS gurus, use ISA on SBS, or don't use it and provide instead a hardware-based firewall for your network. Personally, I'd do the former, but I recognize the need to reduce expenses -- and I do run a personal firewall on my laptop when I'm away from the office. This is, however, a far cry from running the mail server on the same system.

If running ISA Server on your SBS server is the solution you've decided upon, go for it. It can provide solid protection. However, if something does knock over the ISA Server, the attacker has your e-mail server (and your domain controller). In a network with a separate firewall, the attacker would have to take another step to reach them, and that might just give you the time you need to disconnect from the Internet and fix the firewall.

Dig Deeper on Enterprise software

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.