raortman
asked on
Firewall Protection for New MS Small Biz 2003 Server
Greetings all,
I'm a total newbie at MS Small Biz Server. I know enough about networking to be dangerous to myself and those around me.
The MS instructions seem to be incomprehensible murk.
Many questions: What is the best (most secure) way to hook our new server up the the Internet? Right now, it's behind a Symantec Security Appliance. The serever has 2 NICs. We want to host our own SSL extranet, as well as have ftp, mail, & etc.
Hardware firewall a good idea? If yes, then which one? Will the Symantec work? Or would a Cisco PIX or NetScreen 5GT (or something else) be better?
We have purchased 5 fixed IPs. A regular website would use one of the IPs. The SSL extranet uses another. How do you do the routing so that a user can get through to the correct IP?
Thanks in advance,
/RO/
I'm a total newbie at MS Small Biz Server. I know enough about networking to be dangerous to myself and those around me.
The MS instructions seem to be incomprehensible murk.
Many questions: What is the best (most secure) way to hook our new server up the the Internet? Right now, it's behind a Symantec Security Appliance. The serever has 2 NICs. We want to host our own SSL extranet, as well as have ftp, mail, & etc.
Hardware firewall a good idea? If yes, then which one? Will the Symantec work? Or would a Cisco PIX or NetScreen 5GT (or something else) be better?
We have purchased 5 fixed IPs. A regular website would use one of the IPs. The SSL extranet uses another. How do you do the routing so that a user can get through to the correct IP?
Thanks in advance,
/RO/
ASKER
Hi jabiii,
Thank you for your comment and the links.
Query: How does the NetScreen handle the public IPs? If I were hooking the server straight to the net, I could drop all our public IPs into its front NIC. How do you accomplish the same goal with a router? Sorry, I don't know the first thing about MIP or VIP...
/RO/
Thank you for your comment and the links.
Query: How does the NetScreen handle the public IPs? If I were hooking the server straight to the net, I could drop all our public IPs into its front NIC. How do you accomplish the same goal with a router? Sorry, I don't know the first thing about MIP or VIP...
/RO/
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would use Juniper NetScreen FW/VPN's. But depending on your bandwith and other needs as to which model to go with.
If your servers are on a private IP space, and you have 5 public, then you can use MIP or VIP on a Netscreen to get external people to connect.
Here is a FW' buyers guide, granted it's from juniper so it might be slighted towards them but gives you an Idea.
https://www.juniper.net/solutions/literature/buyer_guide/710008.pdf
Refference these 2.
https://www.experts-exchange.com/questions/21811815/Firewall-recommendation-needed-appliance.html
https://www.experts-exchange.com/questions/21704713/VPN-Recommendation.html