Re: firewall for SBS Standard network




Personally I don't think the RRAS firewall is enough on SBS Standard. Although it functions as expected, you have no real log auditing capabilities to KNOW if something is going wrong. This is a significant weakness if you ask me. On top of that, it is very difficult to associate strong rule-based security policies on the firewall as it's not as clean as ISA 2004. For the price difference, seriously consider upgrading to Premium. For the value you get, it will probably be cheaper than buying a hardware firewall. And you will get the bonus of also getting SQL Server on top of ISA 2004.

If you feel you must get a hardware firewall, I would recommend the Sonicwall TZ170. We use that (with the enhanced OS) to support our two-factor authentication needs and it has been great. Whatever firewall you get, make sure it supports both ingress and egress filtering. In other words, that you can set security policies to block both incoming and outgoing connections to properly control access control to minimize the impact of potentially hostile intent by both trusted and untrusted users. Those $50-$99 Netgear and Linksys NAT routers just won't cut it. Forget about them.

YMMV of course. Good luck.

---
Regards,
Dana Epp [Security MVP]
http://silverstr.ufies.org/blog/

TBW wrote:
Is there any consensus as to whether or not the firewall functionality native to SBS 2003 Standard Edition (i.e., NAT plus RRAS) is sufficient? Some users and admin will be connecting to the network from the Internet.

Especially if it's thought to be a necessity, which firewall appliances work well with SBS (i.e., which ones allow one to take advantage of SBS's capability to configure hardware routers)?

Thanks!

TW

