A few people have asked me in the last month whether it would be OK to run SQL server on the ISA firewall for logging and reporting. In general, I think if you want to use SQL logging, you should do it off-box since SQL can generate quite a performance hit. But if you have an adequately powered box and it’s not under heavy memory, disk, and processor load, you might give it a try. From a security perspective it should be no different from running on-box MSDE logging, and since the ISA firewall is the most protected and secure machine on your network, its extremely unlikely that someone is going to successfully attack your on-box SQL server.
However, there are some issues with log on credentials that you might want to know about before deploying this configuration. However, instead of me taking credit for someone else’s nice tip, I’ll send you over to the ISA Server Team Blog to get the answer. You’ll find it at:
Thomas W Shinder, M.D.
MVP — ISA Firewalls