Re: SBS 1002 Premium R2 Mangling Port Issues




It's not worth considering at this point...it's not supported with any version of SBS at this time.
As Merv points out, there are many useful purposes for the second server license that comes with SBS 2008 premium, but using it for a "Software firewall" is not one of them.

--
Cris Hanna [SBS - MVP]
Co-Author, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

"MF" <MF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:5F54CEE5-1871-4638-AB53-F80A041318EE@xxxxxxxxxxxxxxxx
I guess the requirements are here:
http://www.microsoft.com/forefront/stirling/en/us/system-requirements.aspx
but I am unsure why there is "Forefront Threat Management Gateway" separate
from "Stirling Console" and what they each do. Since Stirling Console
requires at least 20GB HDD capacity and Forefront Threat Management Gateway
requires at least 150MB HDD capacity I presume Stirling Console is the main
standalone server required for a network edge. I also don't know why
"Forefront Client Security" requires at least 20GB HDD capacity on one's PC.
Why is it so bloated for a client-side security?

"Merv Porter [SBS-MVP]" wrote:

Forefront needs to go on its own server. So, you would buy SBS 2008
Premium which gets you the second (Win2008) server license. Then buy
hardware for the second server and put Forefront on it. No "hardware"
firewall would be needed. When we use the term "hardware" firewall, we mean
a device that has a firewall built into it (your Sonicwall qualifies as a
"hardware" firewall device). While consumer grade "routers" include what is
called a firewall, a true hardware firewall device generally has a more
advanced firewall in it (with more capabilities and configurability).

MS may choose to form partnerships with major hardware vendors to create
devices based on Forefront but that kind of arrangement is probably far off
(if ever).

--
Merv Porter [SBS-MVP]
============================

"MF" <MF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6865613D-F76D-4143-80D3-3D8B8DE55B77@xxxxxxxxxxxxxxxx
> If I understand you well, do you mean that the "Forefront Threat Management
> Gateway" will be a solution that one buys and puts on its own PC hardware as
> a firewall/security suite (hence as you said; hardware based)? Or is MS
> coming out with it on proprietary hardware similar to Sonicwall, Cisco, etc?
>
> "Cris Hanna [SBS MVP]" wrote:
>
>> Forefront Threat Management Gateway will replace ISA but it is not expected
>> that we'll see support for this in the near future.
>> It would have to go on the second server in SBS Premium, when they finally
>> get support for 64 bit.
>>
>> WAY, WAY, WAY down the road, if ever.
>>
>> The direction now is hardware firewall in front of SBS.
>>
>> --
>> Cris Hanna [SBS - MVP]
>> Co-Author, Windows Small Business Server 2008 Unleashed
>> http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
>> ------------------------------------
>> MVPs do not work for Microsoft
>> Please do not submit questions directly to me.
>>
>> "MF" <MF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:24164635-B9D8-4828-821E-9F2157847E36@xxxxxxxxxxxxxxxx
>> > Thanks for the tip. I will leave ISA out of the equation in that case. The
>> > Sonicwall Pro 1260 is enough anyway. What is replacing ISA since it is not
>> > supported in SBS 2008?
>> > Thanx.
>> >
>> > "Merv Porter [SBS-MVP]" wrote:
>> >
>> >> I agree with Cris. If you have a decent hardware firewall/router now, ISA
>> >> probably isn't going to add much (unless you need to track Internet usage by
>> >> your users or use some other feature of ISA).
>> >>
>> >> --
>> >> Merv Porter [SBS-MVP]
>> >> ============================
>> >>
>> >> "MF" <MF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:069A2C37-B8BB-4390-9B5B-B166C93A2F45@xxxxxxxxxxxxxxxx
>> >> > I ended up going with the dual NIC option as I may be looking at installing
>> >> > ISA at some point even though that thing can be confusing at times. I would
>> >> > love to see any ISA article/link such as the one you posted on the dual &
>> >> > single NIC setup.
>> >> >
>> >> > Thanx.
>> >> >
>> >> > "Merv Porter [SBS-MVP]" wrote:
>> >> >
>> >> >> Glad to hear you've got it working. Just for reference, which scenario (1
>> >> >> NIC or 2 NICs) did you finally end up with?
>> >> >>
>> >> >> --
>> >> >> Merv Porter [SBS-MVP]
>> >> >> ============================
>> >> >>
>> >> >> "MF" <MF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> news:342309B3-0CBB-4EC9-B8AD-D59D6FECEBA6@xxxxxxxxxxxxxxxx
>> >> >> > You guys are geniuses, that did it. The ADT remote camera view is working
>> >> >> > now. Everything else was fine besides this, now it's all good.
>> >> >> >
>> >> >> > "Merv Porter [SBS-MVP]" wrote:
>> >> >> >
>> >> >> >> If you're going to stay with a single NIC scenario, you can either remove
>> >> >> >> the WAN NIC so there's only one NIC in the SBS (and then re-run CEICW to
>> >> >> >> configure SBS), or you can configure SBS to use both NICs and then re-run
>> >> >> >> CEICW. If you choose two NICs, the WAN NIC and the LAN side of the router
>> >> >> >> must be in the same subnet and this must be different from the subnet of
>> >> >> >> the SBS LAN. Again, look at the diagram here:
>> >> >> >>
>> >> >> >> Two Nics, a static IP address, ISA, router
>> >> >> >> (the diagram works with or without ISA installed)
>> >> >> >> http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/76/Two-Nics-a-static-IP-address-ISA-router.aspx
>> >> >> >>
>> >> >> >> --
>> >> >> >> Merv Porter [SBS-MVP]
>> >> >> >> ============================
>> >> >> >>
>> >> >> >> "MF" <MF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> >> news:55AFE1BB-96AA-4EE9-9F74-FCCA3A0A3401@xxxxxxxxxxxxxxxx
>> >> >> >> > Thanx for the response, I will give it a shot and let you know the outcome.
>> >> >> >> > However, I just wanted to know if the subnet of the WAN NIC is the only one I
>> >> >> >> > need to change or do I also change that of the router as well to match the
>> >> >> >> > WAN NIC subnet?
>> >> >> >> >
>> >> >> >> > Thanx.
>> >> >> >> >
>> >> >> >> > "Merv Porter [SBS-MVP]" wrote:
>> >> >> >> >
>> >> >> >> >> From reading your posts, I believe this is what you need to do:
>> >> >> >> >> (you have 2 NICs but no ISA installed)
>> >> >> >> >>
>> >> >> >> >> + Set up the "internal" and "external" NICs on the SBS server in different
>> >> >> >> >> subnets
>> >> >> >> >>
>> >> >> >> >> Two Nics, a static IP address, ISA, router
>> >> >> >> >> (the diagram works with or without ISA installed)
>> >> >> >> >> http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/76/Two-Nics-a-static-IP-address-ISA-router.aspx
>> >> >> >> >>
>> >> >> >> >> + In the Sonicwall, port forward 8016 to the "external" SBS NIC IP address
>> >> >> >> >> + Re-run CEICW, enable the firewall, select your services and finish the
>> >> >> >> >> rest of CEICW (make sure it finishes without any errors)
>> >> >> >> >> + Now forward the port 8016 traffic from the external SBS NIC to the LAN
>> >> >> >> >> device (ADT device):
>> >> >> >> >>
>> >> >> >> >> 1) Run rrasmgmt.msc in SBS 2003
>> >> >> >> >> 2) Extend IP Routing and you should see the NAT/Basic Firewall node
>> >> >> >> >> 3) Highlight NAT/Basic Firewall and you will see SBS server external
>> >> >> >> >> network interface on right (By default the interface name should be
>> >> >> >> >> "Network Connection").
>> >> >> >> >> 4) Right-click Network Connection interface select Properties
>> >> >> >> >> 5) Click Services and Ports tab
>> >> >> >> >> 6) Click Add button
>> >> >> >> >> 7) Enter the description, select TCP or UDP, input port number in Incoming
>> >> >> >> >> port box, input internal IP (for the ADT device) in Private address box,
>> >> >> >> >> input port number in Outgoing port box. The incoming and outgoing ports
>> >> >> >> >> will be the same (8016).
>> >> >> >> >>
>> >> >> >> >> Note: You can only input one port number here.
>> >> >> >> >>
>> >> >> >> >> 8) Click OK twice
>> >> >> >> >>
>> >> >> >> >> --
>> >> >> >> >> Merv Porter [SBS-MVP]
>> >> >> >> >> ============================
>> >> >> >> >>
>> >> >> >> >> "MF" <MF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> >> >> news:BA38E9BC-FD32-4F79-A4F2-916560CA76F1@xxxxxxxxxxxxxxxx
>> >> >> >> >> > Thanx for the help guys. I do want to keep the WAN NIC, however I would like
>> >> >> >> >> > an example of how I can effectively change its current subnet configuration
>> >> >> >> >> > appropriately judging from the information I posted before. I also feel the
>> >> >> >> >> > need to mention that the ADT DVR is on the LAN (not outside the LAN), it has
>> >> >> >> >> > also always been set up with the router (not SBS) as its default gateway, I'm
>> >> >> >> >> > unsure if this is a problem or if I am better off setting the DVR default
>> >> >> >> >> > gateway and DNS network info to the SBS server. Keep in mind that the current
>> >> >> >> >> > DVR configuration has always worked until suddenly not.
>> >> >> >> >> >
>> >> >> >> >> > I did run the SBSBPA but it did not catch this WAN NIC subnet mention. It
>> >> >> >> >> > only mentioned;
>> >> >> >> >> >
>> >> >> >> >> > 1. The network interface drivers being more than one year old
>> >> >> >> >> > 2. Disabling EDNS since some routers do not support it
>> >> >> >> >> > 3. Disabling Task Offloading to eliminate intermittent network issues
>> >> >> >> >> > between SBS and XP computers.....I just disabled this.
>> >> >> >> >> > 4. DNS Zone not allowing secure updates.
>> >> >> >> >> > 5. OWA update for Exchange Server not installed.....I just installed this.
>> >> >> >> >> >
>> >> >> >> >> > A solution is hopefully closer.
>> >> >> >> >> >
>> >> >> >> >> > Thanx guys.
>> >> >> >> >> >
>> >> >> >> >> > "Les Connor" wrote:
>> >> >> >> >> >
>> >> >> >> >> >> The BPA would hopefully pick this up, and offer you links to how to fix it.
>> >> >> >> >> >>
>> >> >> >> >> >> http://www.sbsbpa.com/
>> >> >> >> >> >>
>> >> >> >> >> >> --
>> >> >> >> >> >> Les Connor [SBS-MVP]
>> >> >> >> >> >>
>> >> >> >> >> >>
>> >> >> >> >> >> ____________________________
>> >> >> >> >> >> "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
>> >> >> >> >> >> news:u3KQtqqNJHA.1172@xxxxxxxxxxxxxxxxxxxxxxx
>> >> >> >> >> >> > yes, the system doesn't know how to route traffic.
>> >> >> >> >> >> >
>> >> >> >> >> >> > "Les Connor" <les.connor@xxxxxxxxxxxx> wrote in message
>> >> >> >> >> >> > news:OacEIlqNJHA.1148@xxxxxxxxxxxxxxxxxxxxxxx
>> >> >> >> >> >> >> You've got both NICs and the router in the same subnet. Eliminate the
>> >> >> >> >> >> >> external NIC, or, change the IP configuration.
>> >> >> >> >> >> >>
>> >> >> >> >> >> >> --
>> >> >> >> >> >> >> Les Connor [SBS-MVP]
>> >> >> >> >> >> >>
>> >> >> >> >> >> >>
