Re: Switching IP address ranges

Tech-Archive recommends: Speed Up your PC by fixing your registry

Its ISA 2004.

I very happy to be using ISA and a standard managed AV product like Sophos
but any security company I spoke with laughed at me.

For this one site the security is vital and the fact another company is
taking a contractual responsibility for it is worth it extra headache.

The last thing I needed was a lawsuit after the clients spoke to a security
company who said what I proposed was not good enough.

I really appreciate all the feedback and I do notice that so far no one has
ever agreed with the security companies standpoint!

P.S. They claim their product uses Deep Packet Inspection where as an ISA
server would only be a SPI firewall which is a generation out of date. I said
I thought ISA was a DPI firewall they said I didn't know what I was talking
about.

"Gabriel C. Stan" wrote:

I agree that changing from ISA to SonicWall is a bad move, but just for the
sake of argument, which ISA version are you running?
There is nothing that SonicWall can do better than ISA 2004 can and to add
to SBS any Anti-whatever will cost a fraction of what SonicWall costs.
Even if you use SBS for email only, which you may not otherwise why SBS
Premium, then you will end up with double firewall and double management.
SonicWall is using McAfee technologies if Anti-Whatever is what you need
then why not just license it from them.
Are you sure that the vendor with proper VPN requirements is not you?

Quote:
2 - The IP adddress can not be 16.X as I manage multiple sites and I already
have a sonicwall product on 16.x and it would prevent them been able to
correctly manage both of my produces (apparantly)

"Paul Bishop" wrote:

Thanks to everyone for their answers -

Just to quickly add further to many points raised

1 - The sonicwall is within my main network because it provides managed
antivirus and antispyware as well as secure VPN access. (The vendor does not
accept SBS's VPN as been a "proper" VPN)

2 - The IP adddress can not be 16.X as I manage multiple sites and I already
have a sonicwall product on 16.x and it would prevent them been able to
correctly manage both of my produces (apparantly)

Thanks for the advice and keep it comming :D

"Andrew M. Saucci, Jr." wrote:

Another possibility is simply to place the Sonicwall in between
the Internet and the SBS's WAN card rather than disrupt the entire network.
I have changed LAN IP subnets more than once on some relatively small SBS
networks and it is tedious work with LOTS of potential for error. If you do
this, be sure to shut off your cellular phone and expect an evening of total
down time, even if you can use the SBS 2003 Change LAN IP wizard, which I
imagine does a decent job of fixing the SBS but may not cover the rest of
the LAN well,depending upon what's there. You'll have to take an inventory
of every IP device on the network. Even at that, chances are some detail
will be overlooked. I would not do this without a very good reason. (My
reason was inter-client VPN capability; I just have to be able to VPN from
any of my clients to any other client, and that requires that they all have
unique LAN subnets.)

And yes-- if the Sonicwall can't be reconfigured for 192.168.16.x,
then it's almost worthless. Even a $50 router has the capability of picking
a new LAN IP subnet. I'd change the Sonicwall before changing anything else.

"Paul Bishop" <PaulBishop@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0ABF7248-CFD2-422E-8DAA-8EF2C056798A@xxxxxxxxxxxxxxxx
Hi there,

I am having a security device added to one of my small business networks
which requires me to change the I.P. address range on my SBS network from
192.168.16.x to 192.168.Something else.x - sorry for the terible notation
and spelling ;)

I am using SBS Premium which currently uses ISA but ISA will be replaced
with the sonicwall and my SBS will be in Single NIC mode.

Anyone got ny hints on the best way for a smooth transition?



.

Relevant Pages

  • Re: Switching IP address ranges
    ... ISA Server performs deep inspection of Internet ... inspection of all VPN traffic. ... Forth just because SBS is cheap it does not mean is bad. ... I used to believe on solid state firewalls (which SonicWall is not) but they ...
    (microsoft.public.windows.server.sbs)
  • Re: Security experts criticize an SBS installation
    ... If I had a dime every time some two bit "security expert" thought Microsoft products were insecure I'd have a lot of dimes and a lot of folks that haven't looked at Microsoft products since WinNT. ... I have a GSEC security credential, volunteer for the Center for Internet Security and know that my security of my network is based more on the lack of control of my workstations than it is with that ISA box. ... I cannot, to the best of my knowledge, remember a SBS box that has been hacked when the passwords are long/strong/secure, the box is patched, and the workstations are configured based on the risk of each person. ... But a SBS server ..even with that "so called" hacked in umpteen minutes ISA server ...Get him to tell you in details how he hacked into ISA server. ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA and SonicWall (was Cannot connect through ISA Server to www.microsoft.com)
    ... Sonicwall does not include application-layer filtering, and it doesn't directly integrate with Active Directory. ... My only knowledge of SBS 2008 is from what's been published, but I thought it was established that ISA was not going to be included or supported running on the SBS itself. ... Some of the better firewall features only come with their Enhanced firmware, ...
    (microsoft.public.windows.server.sbs)
  • Re: The difference between ISA and SBS. Where is the security?
    ... In a small buisness there isn't any need for high security, hence SBS. ... standalone ISA server. ... Also SBS is *Small* Business Server. ...
    (microsoft.public.isa)
  • Re: security for Exchange & SBS
    ... non-profit and have pulled these guys from the stone-age (P2P network over ... manually altered the rules in ISA in any way that lessens the security. ... collectively have hundreds or thousands of customers using SBS. ...
    (microsoft.public.windows.server.sbs)