Re: Firewall on a single NIC SBS2003 Standard edition

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Les Connor (les.connor_at_DEL.cfive.ca)
Date: 10/29/04 

Date: Fri, 29 Oct 2004 18:54:50 -0500

You can't beat a second nic and the built in firewall for 'bang for the
buck' (ok, 20 bucks), or for ease of
administration/configuration/reliability. So if cost is driving the choice,
that's your answer.

If security carries more weight cost, but cost is still a factor, then add
ISA (SBS Premium). You can't get better protection or integration at the
price point, and SQL Server is thrown in to sweeten the deal ;-). 

-- 
Les Connor [SBS Community Member]
-------------------------------------
SBS Rocks !
"DonDinCT" <DonDinCT@discussions.microsoft.com> wrote in message 
news:DF00E6D5-1AFF-4965-BED4-39021A73B866@microsoft.com...
> Thanks for the great input !!!!
>
> Lanwench:  Great call on the DHCP/DNS issue !!
>
> Heiko: Tell me more about the Linus firewall, it's a technical experiment
> I've wanted to try for a while.  I have an older PC that I could dedicate 
> to
> that.
>
> Frank:  I've had good luck with several Linksys BEFX41
> broadband/firewall/VPN endpoint routers.  I also use ZoneAlarm software
> firewalls on all PC's/Workstations.  I've spent many hours looking at the 
> sub
> $500 broadband routers and firewalls, but haven't seen anything that 
> appears
> to be significanty better that the BEFX41/ZoneAlarm combination. The 
> clients
> I've set up are very cost sensitive. I looked at the Cisco 831 for about
> $$450, but I didn't see how it was worth five times the cost of the 
> BEFSX41.
> I looked at the Cisco Pix 501, and if it could make a bradband connection 
> to
> an ISP, it would be a great all in one unit, but alas, it can't, and it's
> just a firewall appliance.   I'm open to suggestions on other hardware
> routers/firewalls.
>
> Thanks
> D
>
> "DonDinCT" wrote:
>
>> Thanks Frank
>>
>> I don't want the workstations to have to go through the server to get to 
>> the
>> internet.  I let the router DHCP dish out it's info to the workstations 
>> and
>> the server.  I prefer this method since the internet connction for the
>> workstations is not governed by the server, and if the server goes down, 
>> or
>> needs maintainance, I can tell users that the internet is still up, but 
>> the
>> server is temporarily down for maintainance.  It just seems sad, that I 
>> can't
>> use the firewall in in a single NIC solution, but it appears that's how 
>> it
>> is.  I'm using Sygate Firewall on my server at this point.
>>
>> "Frank McCallister SBS MVP" wrote:
>>
>> > In order to use the SBS Firewall the Workstations must access the 
>> > outside
>> > world thru the SBS. See setup in
>> > http://www.smallbizserver.net/Default.aspx?tabid=52 (Ignore the ISA 
>> > parts
>> > for Standard)
>> >
>> > -- 
>> > Frank McCallister SBS MVP
>> > COMPUMAC
>> > "DonDinCT" <DonDinCT@discussions.microsoft.com> wrote in message
>> > news:893C9090-6D44-4238-915E-4DA094184703@microsoft.com...
>> > > After reading many post and tech notes, I've come to the conclusion 
>> > > that
>> > > an
>> > > SBS2003 server (standard edition), with one NIC, will not 
>> > > install/run,
>> > > it's
>> > > firewall.  Tell me if i'm wrong on this!  I've got a basic broadband
>> > > connection with a linksys router doing NAT and DHCP.  The server sits 
>> > > on
>> > > the
>> > > LAN side with a static local IP.  I wanted to use the internal 
>> > > firewall to
>> > > protect the server on the local LAN.  Everything I read says that the
>> > > firewall will not run without two NICs....
>> > >
>> > > Two questions:
>> > >
>> > > 1. Can I install a second NIC as a placeholder (and not connect to 
>> > > it), to
>> > > get the firewall feature for the LAN side NIC ?
>> > > 2. Has anyone gotten the firewall runnig with a single NIC server ?
>> > >
>> > > PS... I've installed Sygate Personal Firewall as an intrim solution.
>> > >
>> > > Thanks
>> > > D
>> >
>> >
>> >

Relevant Pages

  • Re: SBS VPN setup?
    ... And if you have a hardware firewall you haven't flashed in years they just got in through a exploit. ... SBS plugs into a switch with the other computers and the switch is plugged into a firewall appliance with 2-nics. ... To compare apples to apples, let us assume there is a network setup as I outlined above...and the firewall appliance is an ISA server, such as those available from Celestix. ... > learn and test the RWW solution before deploying it. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS VPN setup?
    ... The 2-nic configuration is used when the SBS server will *also* act as your network's firewall. ... You purchase 2k3 PREMIUM and that comes with ISA to handle the firewall duties. ... To compare apples to apples, let us assume there is a network setup as I outlined above...and the firewall appliance is an ISA server, such as those available from Celestix. ...
    (microsoft.public.windows.server.sbs)
  • Re: Internet on nodes
    ... disabled state (someone please confirm this for SBS Standard, ... firewall service should result in 'ISA lockdown'. ... print' from both the server and a WS. ... Was not able to connect to the internet on the WS. ...
    (microsoft.public.windows.server.sbs)
  • Re: ceicw failure on e-mail config
    ... Merv Porter [SBS MVP] ... Ethernet adapter Server Local Area Connection: ... Call to Reading the firewall selection returned ok. ... Firewall Rule: SBS DHCP Client ...
    (microsoft.public.windows.server.sbs)
  • Re: Firewall on a single NIC SBS2003 Standard edition
    ... Frank McCallister SBS MVP ... > " Well, if you're wanting to run the firewall on a single NIC, you aren't ... Don't ask the server to do *everything*, ... > internet traffic from the workstations don't have to go through the SBS. ...
    (microsoft.public.windows.server.sbs)