Re: Firewalls

From: Leythos <Void@xxxxxxxxxxx>
Date: Thu, 15 Feb 2007 05:30:48 -0600

On Wed, 14 Feb 2007 19:45:13 -0600, Tom wrote:

I have a client who has had another vendor recommend they purchase a cisco
router/firewall for their SBS 2003 standard installation. The client uses
DSL. The other vendor feels there should also be a separate VPN
authentication server and perhaps move the Exchange to a spearate server,
all to acommodate future growth. This installation has 15 users. I am
curious to know what anyone would think about the Cisco purchase; if
Standard is safe enough (it seems to be for all my other clients on the
Standard version of SBS 2003) and if moving them to Premium would be a
reasonable alternative to the Cisco hardware purchase? If they did go the
Cisco route, I may suggest they just go to a T1 line with would probably
include the Cisco hardware. for the record, the suggestions (i.e moving
Exchange to another server) seem to moss the point of SBS in the first
place, but I don't want to get into a battle with the other people.

For a client with a DSL or T1 you could just purchase a firewall to setup
secondary authentication, and you would not need a second server.

I use WatchGuard for almost every client, it sounds like the X550e unit
would be more than enough for your client.

With the x550e they could secure their exchange server by removing content
from SMTP inbound sessions, they could also setup VPN to the firewall and
then provide access via authenticated user to the exchange server.

We have one client with SBS and a dedicated Exchange server, but, their
server has 70 active users and they have 16 Fax Modems attached to the
dedicated Exchange server. The only reason we moved Exchange to a
dedicated server was because of the load/memory and the 16 Fax lines that
come into it. We run SQL also, and between SQL and Exchange with that many
users it was just to much load.

The firewall is the proper method, but with it you won't need a secondary
authentication method - and the firewall is about $2000 currently, a heck
of a lot cheaper than their proposed solution.

--

Leythos

spam999free@xxxxxxxxxx (remove 999 for proper email address)
.

Follow-Ups:
- Re: Firewalls
  - From: Stacemen

References:
- Firewalls
  - From: Tom

Prev by Date: Re: Primary WINS Server
Next by Date: RE: MS - Licensing/registration
Previous by thread: Re: Firewalls
Next by thread: Re: Firewalls
Index(es):
- Date
- Thread

Relevant Pages

Re: WCF security advice (and clarification) needed
... You, the client, resolve the foo.mycompany.com hostname within your ... TCP/IP) with that ticket as the security token. ... There are two parties participating in a security scenario, the server ... HTTP supports other authentication ...
(microsoft.public.dotnet.framework.webservices)
Re: SSPI Kerberos for delegation
... We want the authentication to happen without providing credentials ... But SSPI while authenticating from the client to the server can do mutual ...
(comp.protocols.kerberos)
Re: Aironet 1200/Radius Help Needed
... I just fired up a W2003 Advanced Server so that I can take ... >> IAS servers (do I need a separate certificate for the secondary IAS ... >> of authentication since it involves just installing the certificate on ... >between the AP and the client. ...
(microsoft.public.internet.radius)
Re: Windows Authentication, Single sign on and Active Directory
... service proxy client fails to connect due to authentication failure and then ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The server is always in the domain. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: WM5 can not sync to exchange
... On the SBS 2003 Server open the Server Management console. ... Please verify Authentication settings by the following steps. ... Open IIS Manager ... Collect the IIS metabase on Exchange Server and send to me: ...
(microsoft.public.windows.server.sbs)