Re: Two nics or firewall appliance if a dynamic ip address?

ISA really needs a static IP which an appliance will provide.

--
/kj
"Owen Williams" <Owen@xxxxxxxxxxxxxxxxxx> wrote in message
news:MPG.1e797ab88b8acc9698971b@xxxxxxxxxxxxxxxxxxxxx
Ray:

You will get a variety of opinions about this because there is no one
"right" way. If you use 1 NIC on the server, you absolutely must have
an external firewall. If you use two NICs and have SBS Premium with
ISA, theoretically you can get away without an external firewall, but
most SBS practitioners still recommend as a layered defense.

I have used both configurations. My early ones were single-NIC and I
have lately been moving to two-NIC. Functionally (from the standpoint
of the average user) they almost indistinguishable. However, the two-
NIC approach does offer a few advantages in addition to enhanced
security, such as more extensive Server Usage Reports with either Basic
or ISA firewall enabled. (You can't enable these in a 1-NIC scenario.)

-- Owen Williams

In article <1141876898.182491.195470@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
walker18720@xxxxxxxxx says...
Hi all,

I'm a relative SBS newbie (a lot of book learnin' but not a lot of
real-world..) and have come into an SBS 2003 Standard with:

* one nic
* only NAT on the router as a "firewall"
* users (5) using pop
* a dsl service that includes a *dynamic* ip address (could move up to
static for $40 more per month - ouch)

I want to give them a real firewall solution and set the users up with
Exchange.

To get around the dynamic ip address I plan to use the DNS2Go Dynamic
DNS service.

I read the great posts here on switching from pop to Exchange which I'm
going to follow.

I was considering adding a nic and setting this box up the "SBS way"
with the included firewall. But would the two nic solution work with
the DNS2Go Dynamic DNS service?

Or should I just use a hardware firewall like a SonicWALL instead of
the two nic solution in this case?

Thanks in advance for any ideas!

Ray




.

Relevant Pages

  • Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
    ... NICs at GB speed. ... So what happens when the server and the workstations are on the same ... Les Connor [SBS MVP] ... PMTU that ISA Server installation disabled. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 1002 Premium R2 Mangling Port Issues
    ... For solutions like forefront, I am unsure why MS is not using the Windows ... When we use the term "hardware" firewall, ... The direction now is hardware firewall in front of SBS. ... NIC or 2 NICs) did you finally end up with? ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 1002 Premium R2 Mangling Port Issues
    ... I will leave ISA out of the equation in that case. ... NIC or 2 NICs) did you finally end up with? ... the WAN NIC so there's only one NIC in the SBS (and then re-run CEICW ... port forward 8016 to the "external" SBS NIC IP ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS VPN setup?
    ... wouldn't need ISA, so that is completely gone in the matter. ... are you referring to a firewall device hardware type, ... I prefer SBS 2k3 without ISA. ... outlined above...and the firewall appliance is an ISA server, ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 + TS. HELP needed URGENTLY please!
    ... matter) about the routing table the ISA client will be intercepting calls. ... even without the ISA client on the TS (and depending on use it may ... SBS remote support services. ... The SBS server has 2 nics configured with ISA and a public IP I shall ...
    (microsoft.public.windows.server.sbs)