Re: External Firewall with SBS 2003

Thanks for both of your replies.

The pfSense device is running version 1.2 and it has 5 NICs. We'll certainly terminate the VPN connections at the pfSense and not SBS as it is now.


"Leythos" <spam999free@xxxxxxxxxx> wrote in message news:MPG.236ffd65670642c3989693@xxxxxxxxxxxxxxxxxxxxxxx
In article <9D222239-D91C-4185-BBA8-2CD8ACD34203@xxxxxxxxxxxxx>,
ksheppard31@xxxxxxxxxxx says...
I'm currently running SBS 2003 Premium and using the default setup with ISA
2004 and twin NICs for my setup. We have purchased a new external firewall
appliance running pfSense and are in the process of setting-up a true DMZ
using this external device.

What specific brand/model?

I'd like to remove ISA 2004 from my SBS server
as it will longer be necessary. Should I also remove the two NIC setup and
plug the 192.168.16.2 NIC directly into that segment of the DMZ?

The Firewall Appliance should have TWO private networks, often called
the LAN and the DMZ.

On a real firewall the LAN and DMZ are just as secure as each other,
meaning that you create rules for any access to them/from them to other
networks (Public/LAN/DMZ).

A typical setup would be:

LAN 192.168.8.0/24
DMZ 192.168.16.0/24


My other
thought was to simply continue to use my SBS setup as it is and pass on the
necessary ports (25, 443, 444, 1723) to my external NIC on SBS from the DMZ
setup.

Your firewall appliance SHOULD be a PPTP Server, so you don't want SBS
to do the PPTP connection. This provides A LOT MORE SECURITY by having
the Firewall do the PPTP connection. By using the Firewall you can then
create rules that allow you to control what PORTS can be passed through
the PPTP connection - we normally limit users to TCP 3389 and then to
the IP of the Terminal Server or a small range of IP in the LAN.

If I do remove ISA 2004, what is the correct procedure? I'm
guessing that I need to re-launch the SBS setup wizard and remove it that
way. Also, what should I do with the Internet Connection Wizard on SBS once
I remove ISA and possibly the external NIC?

I can't help here, we never install ISA or Dual NIC solutions, we always
implement a firewall appliance as ISA is not certified on a non-
Dedicated MS Server box.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)

.

Relevant Pages

  • Re: 45 days STUCK LIKE CHUCK. DNS / Mx record cant recieve emails
    ... Is this SBS Premium, and if so, in ISA, is the "SBS SMTP Server Access Rule" ... like Exchange not listening on the Internet NIC. ... Nics Cards internal / externally.. ... You can test the connection from within the LAN, ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 + TS. HELP needed URGENTLY please!
    ... no matter about the routing table the ISA client will be intercepting calls. ... This has the added advantages that should one of the services be down the router may be able to redirect traffic through the other connection. ... SBS remote support services. ... > The SBS server has 2 nics configured with ISA and a public IP I shall> call ...
    (microsoft.public.windows.server.sbs)
  • Re: Funky mouse behavior on a TS session
    ... The issue surfaced a little more than a year ago, first with Broadcom NICs, as they were the first to come out with task offloading and recieve side scaling and in the very popular 2900 series servers. ... The error conditions weren't widely seen with WS SP1, as an update needed to be applied in order to enable the features in the OS. ... The issues are far wider than with SBS, they were first discovered on non-SBS systems. ... the resolution set at the connecting PC will be used by 'full screen' RDP sessions but during the remote connection procedure you can set the resolution to be used. ...
    (microsoft.public.windows.server.sbs)
  • RE: Server with 3 NICs
    ... 3 NICs on SBS 2k3 system scenario is not a recommended configuration. ... the 3 NICs with 2 network segments on your SBS server will cause lots of side issues. ... Server Local Area Connection is ...
    (microsoft.public.backoffice.smallbiz)
  • Re: Help! RAS and 2 NICs?
    ... Net Card ... Now my LAN Card is usually not setup with a Static IP ... I can have an outside connection.. ... >> to specify the inside network and outside network NICS, ...
    (microsoft.public.backoffice.smallbiz2000)
Loading