Re: SBS 1002 Premium R2 Mangling Port Issues
- From: MF <MF@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 26 Oct 2008 15:37:01 -0700
I guess the requirements are here:
http://www.microsoft.com/forefront/stirling/en/us/system-requirements.aspx
but I am unsure why there is "Forefront Threat Management Gateway" separate
from "Stirling Console" and what they each do. Since Stirling Console
requires at least 20GB HDD capacity and Forefront Threat Management Gateway
requires at least 150MB HDD capacity I presume Stirling Console is the main
standalone server required for a network edge. I also don't know why
"Forefront Client Security" requires at least 20GB HDD capacity on one's PC.
Why is it so bloated for a client-side security?
"Merv Porter [SBS-MVP]" wrote:
Forefront needs to go on its own server. So, you would buy SBS 2008
Premium which gets you the second (Win2008) server license. Then buy
hardware for the second server and put Forefront on it. No "hardware"
firewall would be needed. When we use the term "hardware" firewall, we mean
a device that has a firewall built into it (your Sonicwall qualifies as a
"hardware" firewall device). While consumer grade "routers" include what is
called a firewall, a true hardware firewall device generally has a more
advanced firewall in it (with more capabilities and configurability).
MS may choose to form partnerships with major hardware vendors to create
devices based on Forefront but that kind of arrangement is probably far off
(if ever).
--
Merv Porter [SBS-MVP]
============================
"MF" <MF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6865613D-F76D-4143-80D3-3D8B8DE55B77@xxxxxxxxxxxxxxxx
If I understand you well, do you mean that the "Forefront Threat Management Gateway" will be a solution that one buys and puts on its own PC hardware as a firewall/security suite (hence as you said; hardware based)? Or is MS coming out with it on proprietary hardware similar to Sonicwall, Cisco, etc?
"Cris Hanna [SBS MVP]" wrote:
Forefront Threat Management Gateway will replace ISA but it is not expected that we'll see support for this in the near future.
It would have to go on the second server in SBS Premium, when they finally get support for 64 bit.
WAY, WAY, WAY down the road, if ever.
The direction now is hardware firewall in front of SBS.
--
Cris Hanna [SBS - MVP]
Co-Author, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.
"MF" <MF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:24164635-B9D8-4828-821E-9F2157847E36@xxxxxxxxxxxxxxxx
Thanks for the tip. I will leave ISA out of the equation in that case. The Sonicwall Pro 1260 is enough anyway. What is replacing ISA since it is not supported in SBS 2008?
Thanx.
"Merv Porter [SBS-MVP]" wrote:
I agree with Cris. If you have a decent hardware firewall/router now, ISA probably isn't going to add much (unless you need to track Internet usage by your users or use some other feature of ISA).
--
Merv Porter [SBS-MVP]
============================
"MF" <MF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:069A2C37-B8BB-4390-9B5B-B166C93A2F45@xxxxxxxxxxxxxxxx
I ended up going with the dual NIC option as I may be looking at installing ISA at some point even though that thing can be confusing at times. I would love to see any ISA article/link such as the one you posted on the dual & single NIC setup.
Thanx.
"Merv Porter [SBS-MVP]" wrote:
Glad to hear you've got it working. Just for reference, which scenario (1 NIC or 2 NICs) did you finally end up with?
--
Merv Porter [SBS-MVP]
============================
"MF" <MF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:342309B3-0CBB-4EC9-B8AD-D59D6FECEBA6@xxxxxxxxxxxxxxxx
You guys are geniuses, that did it. The ADT remote camera view is working now. Everything else was fine besides this, now it's all good.
"Merv Porter [SBS-MVP]" wrote:
If you're going to stay with a single NIC scenario, you can either remove the WAN NIC so there's only one NIC in the SBS (and then re-run CEICW to configure SBS), or you can configure SBS to use both NICs and then re-run CEICW. If you choose two NICs, the WAN NIC and the LAN side of the router must be in the same subnet and this must be different from the subnet of the SBS LAN. Again, look at the diagram here:
Two Nics, a static IP address, ISA, router
(the diagram works with or without ISA installed)
http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/76/Two-Nics-a-static-IP-address-ISA-router.aspx
--
Merv Porter [SBS-MVP]
============================
"MF" <MF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:55AFE1BB-96AA-4EE9-9F74-FCCA3A0A3401@xxxxxxxxxxxxxxxx
Thanx for the response, I will give it a shot and let you know the outcome.
However, I just wanted to know if the subnet of the WAN NIC is the only one I need to change or do I also change that of the router as well to match the WAN NIC subnet?
Thanx.
"Merv Porter [SBS-MVP]" wrote:
From reading your posts, I believe this is what you need to do:
(you have 2 NICs but no ISA installed)
+ Set up the "internal" and "external" NICs on the SBS server in different subnets
Two Nics, a static IP address, ISA, router
(the diagram works with or without ISA installed)
http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/76/Two-Nics-a-static-IP-address-ISA-router.aspx
+ In the Sonicwall, port forward 8016 to the "external" SBS NIC IP address
+ Re-run CEICW, enable the firewall, select your services and finish the rest of CEICW (make sure it finishes without any errors)
+ Now forward the port 8016 traffic from the external SBS NIC to the LAN device (ADT device):
1) Run rrasmgmt.msc in SBS 2003
2) Extend IP Routing and you should see the NAT/Basic Firewall node
3) Highlight NAT/Basic Firewall and you will see SBS server external network interface on right (By default the interface name should be "Network Connection").
4) Right-click Network Connection interface select Properties
5) Click Services and Ports tab
6) Click Add button
7) Enter the description, select TCP or UDP, input port number in Incoming port box, input internal IP (for the ADT device) in Private address box, input port number in Outgoing port box. The incoming and outgoing ports will be the same (8016).
Note: You can only input one port number here.
8) Click OK twice
--
Merv Porter [SBS-MVP]
============================
"MF" <MF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BA38E9BC-FD32-4F79-A4F2-916560CA76F1@xxxxxxxxxxxxxxxx
Thanx for the help guys. I do want to keep the WAN NIC, however I would like an example of how I can effectively change its current subnet configuration appropriately judging from the information I posted before. I also feel the need to mention that the ADT DVR is on the LAN (not outside the LAN), it has also always been set up with the router (not SBS) as its default gateway, I'm unsure if this is a problem or if I am better off setting the DVR default gateway and DNS network info to the SBS server. Keep in mind that the current DVR configuration has always worked until suddenly not.
I did run the SBSBPA but it did not catch this WAN NIC subnet mention. It only mentioned:
1. The network interface drivers being more than one year old
2. Disabling EDNS since some routers do not support it
3. Disabling Task Offloading to eliminate intermittent network issues between SBS and XP computers.....I just disabled this.
4. DNS Zone not allowing secure updates.
5. OWA update for Exchange Server not installed.....I just installed this.
A solution is hopefully closer.
Thanx guys.
"Les Connor" wrote:
The BPA would hopefully pick this up, and offer you links to how to fix it.
http://www.sbsbpa.com/
--
Les Connor [SBS-MVP]
____________________________
"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
news:u3KQtqqNJHA.1172@xxxxxxxxxxxxxxxxxxxxxxx
yes, the system doesn't know how to route traffic.
"Les Connor" <les.connor@xxxxxxxxxxxx> wrote in message
news:OacEIlqNJHA.1148@xxxxxxxxxxxxxxxxxxxxxxx
You've got both NICs and the router in the same subnet. Eliminate the external NIC, or, change the IP configuration.
--
Les Connor [SBS-MVP]
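
Added example (not part of the original thread, and not code from any of the posters): a check of the two-NIC addressing rule discussed above, namely that the WAN NIC and the router's LAN side share one subnet and that subnet differs from the SBS LAN subnet. The addresses are constructed samples, the function and finding names are hypothetical, and the overlap test goes slightly beyond the thread by also catching prefixes of different lengths.

```python
import ipaddress

def check_dual_nic(wan_nic, router_lan, lan_nic, forward_target):
    """Validate a dual-homed server layout; return a list of finding codes.

    wan_nic, router_lan, lan_nic: 'address/prefix' strings.
    forward_target: address of the LAN device that receives the forwarded port.
    An empty list means the layout follows the rule from the thread.
    """
    wan = ipaddress.ip_interface(wan_nic)
    router = ipaddress.ip_interface(router_lan)
    lan = ipaddress.ip_interface(lan_nic)
    target = ipaddress.ip_address(forward_target)
    findings = []

    # Rule 1: the WAN NIC and the router's LAN side sit in the same subnet.
    if wan.network != router.network:
        findings.append("wan-router-different-subnet")
    # Rule 2: that outside subnet differs from the server's LAN subnet.
    # overlaps() also catches a /16 that contains the LAN /24.
    if wan.network.overlaps(lan.network) or router.network.overlaps(lan.network):
        findings.append("outside-overlaps-lan")
    # The device behind the second port forward must be reachable on the LAN NIC.
    if target not in lan.network:
        findings.append("forward-target-not-on-lan")
    # The same address assigned twice would conflict on the wire.
    if len({wan.ip, router.ip, lan.ip, target}) < 4:
        findings.append("duplicate-address")
    return findings

# Constructed sample addresses (the thread does not list the real ones).
BROKEN = dict(wan_nic="192.168.1.3/24", router_lan="192.168.1.1/24",
              lan_nic="192.168.1.2/24", forward_target="192.168.1.50")
FIXED = dict(wan_nic="192.168.2.2/24", router_lan="192.168.2.1/24",
             lan_nic="192.168.1.2/24", forward_target="192.168.1.50")

if __name__ == "__main__":
    for name, layout in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_dual_nic(**layout) or "ok")
```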