We help IT Professionals succeed at work.

Considering Novell's Bordermanger

S Connelly
S Connelly asked
on
Medium Priority
366 Views
Last Modified: 2013-11-16
Background info:
Currently own:
- Netware 5.0 (50 licenses)
- Exchange Server 5.5

I need a good firewall with VPN services.

I am considering an 'upgrade' to Netware for small business which will include Netware with 50 clients,
Bordermanager Firewall, Faxing and Groupwise.

Since this package also includes Groupwise... I also have the option of migrating and solving some long
outstanding problems with Exchange such as viruses, forms and workflow management (never very good in
Exchange), single instance stores and overall much better security (esp. over Internet).

My questions: Is this a sound idea because I'm basically (in a sense) downgrading, however, this company
does not expect to grow to 50 clients in the next 2 years (currently 28 clients and 40 computers/connections).

What are the potential pitfalls to this plan?  
Any additional benefits to doing this as I still have to
propose this plan to my CFO).

My other alternative was to install ISA2000 (apx. same cost).  

I'll start the reward at 150pts but will offer more for really good, detailed answers.

Thank you.
(question repeated from Novell group)
Comment
Watch Question

Border manager is a reasonably decent firewall (certainly at least as good as ISA - I personally wouldn't trust anything from MS further than I can spit), and GroupWise is at least halfway decent.

But.... It's probably a bad idea to run your firewall on the same machine as everything else.  You want an architecture that looks more like this:

--Internet--Firewall--Internal-Network

Or better yet

--Internet--Firewall--Internal-Network
              |
            Internet-visible systems

Where Internet visible stuff would include your e-mail server.

And... If you really want to be cost consience, don't use $$$ commercial software at all.

An OpenBSD system running IPf makes a great firewall.
And an OpenBSD, FreeBSD, or Linux system running Sendmail and SAMBA makes a great e-mail and file/print server.  No workflow management support, though, without some fancier add-on stuff.

Commented:
we looked into BoaderManager for a while. in the end, we went with Cisco Pix firewalls.

several reasons for this, some of which are:

- BorderManager REQUIRES a Novell Server to run. This is expensive to properly setup a box just for this.
- BorderManager is SOFTWARE, and like any software, can be hacked/crashed much easier than hardware - especially if the Novell box that it's installed on is not secure enough.
- BorderManager REQUIRES a Novell network to run. If you ever even consider moving away from Novell, you'll have to purchase a brand new firewall.
- If you want redundant firewalls (in case one does go down) you have to buy 2 boxes, and 2 copies of BorderManager. With the Cisco Pix, the 2nd redundant firewall is always included.
Commented:
Going from Exchange to GroupWise is a very good idea. I run GW6.0 and really like it. The only negative to it is this lack of good intergrations with 3rd party utilities (like PDAs); but still well worth it.

As for BorderManager it is very good as well. I am currently using the 3.6 Enterprise version for firewall, proxy and VPN capabilities.

I also agree with Chris in the regards to keeping GW and BM seperate.  There are some Novell TIDs that document "issues" when running them together.

BM is one of the few firewalls with IP and IPX over it's VPN.

BM and GW both have good support from the Novell forums and Novell's knowledge base.

GW will make much better use of space than Exchange. For instance...one 10meg message sent to 19 internal email accounts takes up about 200megs in Exchange but just over 10megs with GW.

I understand troubleshooting message flow in GW is much easier than in Exchange because GW keeps the message files in plain view (but encrypted) within the directory structure. Exchanges hides them in databases.

GW doesn't have as many 3rd party integrations for things like virus checking in messages, but there are some available.

BM does not report/track users well but you can limit access per NDS username, host name, and/or IP address if desired.

If user access restrictions are important then you can force a "java sign on" or get the username pulled automatically from the Client32 enabled workstation using CLNTRUST.exe or even use Novell's "Single Single On".

For future reference...even though BM runs on Netware, I'm fairly certain you do not have to have any other Netware servers on the network. GW doesn't even require a Netware server, it can run on NT (though I wouldn't suggest it because of the constant troubles relating to NT).

Relating to the "redundant firewalls" for failover comment...I was told by a Novell rep. that I didn't need to purchase a 2nd copy in that situation. So if this is needed in your situation I would suggest checking it out closer for yourself.

Commented:
I wouldn't touch a software firewall if I could help it.  However, I would look into the possibility of investing in a hardware appliance firewall - nothing too flash and still using Border Manager as an HTTP and application Proxy.

This would make it easier to configure outbound access as it could be done on a NDS object basis.  Your network would be much more secure as you would have an additional layer in front of your Proxy server and access would be assigned to just the one machine.

Any decent hardware appliance firewall will be much quicker to configure, more secure and easier to replace than a firewall application running on a server.
Some of your open 23 questions are current, but many are not.  ADMINISTRATION WILL BE CONTACTING YOU SHORTLY.  Moderators Computer101, Netminder or Mindphaser will return to finalize these if they are still open in 7 days.  Experts, please post closing recommendations before that time.

Below are your open questions as of today.  Questions which have been inactive for 21 days or longer are considered to be abandoned and for those, your options are:
1. Accept a Comment As Answer (use the button next to the Expert's name).
2. Close the question if the information was not useful to you, but may help others. You must tell the participants why you wish to do this, and allow for Expert response.  This choice will include a refund to you, and will move this question to our PAQ (Previously Asked Question) database.  If you found information outside this question thread, please add it.
3. Ask Community Support to help split points between participating experts, or just comment here with details and we'll respond with the process.
4. Delete the question (if it has no potential value for others).
   --> Post comments for expert of your intention to delete and why
   --> YOU CANNOT DELETE A QUESTION with comments; special handling by a Moderator is required.

For special handling needs, please post a zero point question in the link below and include the URL (question QID/link) that it regards with details.
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt
 
Please click this link for Help Desk, Guidelines/Member Agreement and the Question/Answer process.  http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp

Click you Member Profile to view your question history and please keep them updated. If you are a KnowledgePro user, use the Power Search option to find them.  

Questions which are LOCKED with a Proposed Answer but do not help you, should be rejected with comments added.  When you grade the question less than an A, please comment as to why.  This helps all involved, as well as others who may access this item in the future.  PLEASE DO NOT AWARD POINTS TO ME.

To view your open questions, please click the following link(s) and keep them all current with updates.
http://www.experts-exchange.com/questions/Q.20022366.html
http://www.experts-exchange.com/questions/Q.20022363.html
http://www.experts-exchange.com/questions/Q.20142011.html
http://www.experts-exchange.com/questions/Q.20163170.html
http://www.experts-exchange.com/questions/Q.20163198.html
http://www.experts-exchange.com/questions/Q.20165526.html
http://www.experts-exchange.com/questions/Q.20165532.html
http://www.experts-exchange.com/questions/Q.20175313.html
http://www.experts-exchange.com/questions/Q.20176088.html
http://www.experts-exchange.com/questions/Q.20188199.html
http://www.experts-exchange.com/questions/Q.20188197.html
http://www.experts-exchange.com/questions/Q.20191317.html
http://www.experts-exchange.com/questions/Q.20191318.html
http://www.experts-exchange.com/questions/Q.20191319.html
http://www.experts-exchange.com/questions/Q.20194139.html
http://www.experts-exchange.com/questions/Q.20251645.html
http://www.experts-exchange.com/questions/Q.20263647.html
http://www.experts-exchange.com/questions/Q.20266099.html
http://www.experts-exchange.com/questions/Q.20271348.html
http://www.experts-exchange.com/questions/Q.20274640.html
http://www.experts-exchange.com/questions/Q.20265767.html
http://www.experts-exchange.com/questions/Q.20298168.html
http://www.experts-exchange.com/questions/Q.20298175.html



*****  E X P E R T S    P L E A S E  ******  Leave your closing recommendations.
If you are interested in the cleanup effort, please click this link
http://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=commspt&qid=20274643 
POINTS FOR EXPERTS awaiting comments are listed in the link below
http://www.experts-exchange.com/commspt/Q.20277028.html
 
Moderators will finalize this question if in @7 days Asker has not responded.  This will be moved to the PAQ (Previously Asked Questions) at zero points, deleted or awarded.
 
Thanks everyone.
Moondancer
Moderator @ Experts Exchange
S ConnellyTechnical Writer

Author

Commented:
Thanks for your answers everyone!

Explore More ContentExplore courses, solutions, and other research materials related to this topic.