Did you manage ISA Server 2004?
Posted by EntireFishing@reddit | vintagecomputing | 37 comments
I've worked since 1997 in IT support at the managed service provider level. And ISA Server 2004 was one of the big products that I used to support clients from I guess 2004 to about 2008.
Now it seems like it's forgotten in history. Microsoft doesn't do any firewall products anymore. I decided to make a video about this, and it's on my YouTube channel if anybody's interested.
It was really the first sort of firewall I think I remember working on. Once its time had passed, i.e., when it wasn't in Small Business Server 2008, I'd shifted over to using Cisco ASA equipment.
aaronsb@reddit
Yes, I had to deal with it. I had to implement it as a caching proxy server (I remember setting the group policy to update Internet Explorer to use the proxy server URL) because our office internet sucked. Then, once that got overwhelmed because the proxy server's disk I/O bottlenecked, I had an excuse to set up an array of them, and I got to turn it into a load-balancing egress router because the Cisco router we had sucked at round robin. This was 20 years ago! 20! Ugh. I guess I'm old now.
RedOwn27@reddit
Same. We were out in the sticks and had satellite internet. It sucked! Latency was awful, massive gap to load any website... this was my solution. Caching ISA server.
EntireFishing@reddit (OP)
Okay, well, start with 20 years, that was 2005. Seems like ages ago, doesn't it? And then on the other hand it seems like only yesterday. Anyhoo. How come you went for an array of ISA servers rather than upgrading the connection? I don't mean I don't know how many people you are supporting at this point?
Round robin on Cisco routers. Did I get into that next? I certainly spent the next few years working on Cisco routers. Lots of 800 series, 1800 series, Cisco ASA 5505 and 5510s.
The 800-1800 series routers were doing VPNs and then the ASAs were doing the firewalling.
aaronsb@reddit
It was a game development studio and everyone was always downloading resources for dev, so the caching server array made more sense. I remember buying a T1 WIC on eBay and ending up with a counterfeit module that actually was a re-flashed ISDN WIC. It took me a few days to figure out why it wouldn't work.
EntireFishing@reddit (OP)
Oh that's a sneaky move.
machacker89@reddit
Is it me or does he look like an emo version of Stuart from Big Bang Theory?
octahexxer@reddit
Isn't it hard to breathe out of your nose with a piercing like that?
EntireFishing@reddit (OP)
No, not at all. It doesn't affect my breathing in any way.
mats_o42@reddit
Ran ISA 2004, TMG2006 and 2010.
Used to have fun with the Cisco "security" specialists, asking how many critical CVEs they had (TMG had none during the years I ran it).
EntireFishing@reddit (OP)
Well, that's a very fair point. There were loads, and if you didn't have a Cisco support contract on the piece of equipment, you couldn't get access to any updates. I always thought that was really out of order. Some security updates were available free but not all of them, and not all the updates you needed either. That was one of the really good things with Microsoft's firewall set. You got all your updates.
Norphus1@reddit
Yes, I managed ISA and its successor (Threat Management Gateway) in at least three different jobs. It worked well for what we wanted from it and we were quite pissed off when Microsoft killed the Forefront line in general.
EntireFishing@reddit (OP)
I never got to work with Threat Management Gateway because by then I'd moved on to Cisco ASA hardware. From the sound of it, it was quite good, then?
Norphus1@reddit
It was much the same as ISA 2006, it was just a rebrand. I liked both products well enough.
EntireFishing@reddit (OP)
Yeah, I enjoyed the products too. As I said in my video, I pretty much worked on version 2000 and 2004 because they were in the Small Business Server product line. Then I went over to the Cisco devices: routers for VPN tunnels and ASA for firewalling. I did like Cisco IOS. I have to say I love the fact you could live change things with text commands and that you could paste in an entire config in one go to a device when you were configuring it. Man, did that save some time.
Savings_Art5944@reddit
I deployed many of them. I connected branch offices with them. I learned tons of firewall/networking/vpn knowledge that I carried on with. SBS was cool.
I had one that had all the logs for like 8 years of traffic.
I used it (ISA 2006) in my home lab up to 2017.
EntireFishing@reddit (OP)
Yeah, I connected branch offices with them as well and also connected them to things like SonicWalls. It was pretty good for site-to-site IPsec VPNs, wasn't it?
Kaldek@reddit
I wrote my SANS GCFW Gold certification submission on using ISA Server 2000 as an enterprise grade edge gateway.
I read it now some 24 years later and giggle a bit.
EntireFishing@reddit (OP)
Yes things have changed somewhat!
eulynn34@reddit
Yuup... I had an ISA2004 server at least partially in service until late 2021
EntireFishing@reddit (OP)
Well that's fascinating. How come it was still in place?
bingojed@reddit
I remember it, though I doubt I touched it much. I think I even had to take a test on it. Most of the places I worked at were using Novell BorderManager or some other solution.
EntireFishing@reddit (OP)
I never got to use that product. I was supporting companies that were between 10-100 employees in size around that time, and because it was built into Small Business Server 2003 it was a free firewall really, and I decided to use it and learn how to use it.
bingojed@reddit
Shoot, yeah, SBS is probably where I saw it. I installed SBS a number of times. Never a huge fan of it, though. I can’t even remember why anymore.
EntireFishing@reddit (OP)
I suspect because it was a Windows server that was running Active Directory services, DHCP, DNS, Exchange Server, SharePoint Server, possibly SQL Server and ISA Server. All of those on one box meant things broke a lot.
bingojed@reddit
I think it was a “shove a wizard down your throat” to do anything, rather than native Win Server tools. The server version of Microsoft Bob or Clippy.
EntireFishing@reddit (OP)
Yeah I found my interesting as well. I rarely used the wizards, to be honest, because I wanted to do it in the separate MMCs. And also because I supported individual Windows services, so I didn't need the wizard in order to know how to do XYZ. Was that product aimed at the good IT person in a business or was it meant for technical people? I often wondered, because the whole wizard thing didn't really suit it for technical people, but on the other hand, if you didn't use some of the wizards, sometimes it didn't build stuff properly, such as redirected folders and things like that. So you were supposed to use them, but you know what us technical people are like!
bingojed@reddit
Yeah, I recall some things were handicapped a certain way so they kind of forced you into the wizards, but the wizards were also kinda broken, and additionally forced SharePoint and other stuff many small businesses weren’t using. SBS was a good financial savings, but a crap product.
EntireFishing@reddit (OP)
I think that's a fair observation. It was financially excellent value for money but very much a product that shouldn't have existed, because it lumped together servers that weren't meant to run on top of each other into one box. Probably at the height of its popularity when I was working, we were looking after somewhere in the region of 60 small business servers at once. Yeesh.
sharpied79@reddit
Only in premium edition.
Standard SBS2003 did not include it...
EntireFishing@reddit (OP)
Yes, that is exactly right. I actually reference that edition in my video.
sharpied79@reddit
It was shite, Proxy 2.0 was better 😉
EntireFishing@reddit (OP)
NT fan, 😜
smiffer67@reddit
Nope. I did the one before it that ran on NT 4. I can't remember what it was called, but it was crap, but it worked.
Breezeoffthewater@reddit
I remember it well. The first day of my new job the ISA server was down and no-one could access the internet. Turned out to be a lack of disk space. Fun times!
EntireFishing@reddit (OP)
Ah yes. Windows is funny like that, wasn't it? You could run it down to 0 KB and it would still work. Badly, and services wouldn't restart etc. But it wouldn't blue screen or crash the operating system. It would sit there with no disk space. I can remember on certain servers I would always keep an empty file that was a gigabyte in size, so should it ever get out of disk space, I could delete that file off and get the server recovered.
I know that sounds like I should have had monitoring software in place, and I did, but they were busy times and sometimes things got missed.
ykkl@reddit
Haha, I still do that in a lot of my environments!
EntireFishing@reddit (OP)
Well, I learned the hard way once when I had an ESXi server run out of disk space and it locked out of VMDK file. We were able to recover piecemeal bits and pieces, but we did lose some data for the customer. For some reason the backup hadn't been configured. It must have been overlooked. I felt pretty bad about it. I was even sent by my managing director to tell the customer we lost his data, which wasn't a lot of fun, and I thought it was pretty mean of him. After that I always had a gigabyte file on any ESXi server so that I could release this space on a LUN if something was suddenly taking up all the space.