[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 612
  • Last Modified:

SBS2003 Premium, internal firewall VS external firewall

We have Small Business Server 2003 Premium. As we all know it has a built-in firewall-----ISA server.

I am wondering if we should buy a external firewall, for example, SOHO3.

The reason i am thinking about an external firewall is
1. the external firewall will be in charge of internet connection sharing, this will take some workload from the server.
2. the firewall will be a DHCP server, this will take some workload from the server.
3. if the server is down, all the workstations still have access to the net

am i correct? any thoughts based on your REAL field experience?

thx
0
techcity
Asked:
techcity
  • 2
1 Solution
 
qwaleteeCommented:
Yeah, everything you are saying is true, plus, anything that takes a Windows PC off a direct internet connection is almost certainly a good thing!!!

Basically, Windows-as-internet-router (known as ICS in consumer versions of Windows, which is really the same thing as ISA is doing), is pretty marginal.  Windows is the first target of hackers, and its network code is not really built to do routing.  It will be somewhat more flexible than a SOHO-type router, but LESS flexible than a true firewall-router.  The most comon type of complete firewall-router is the Cisco PIX line.  The most common SOHO routers are Linksys and D-Link.  The Linksys and D-Link products (and all their competitors) are really easy to set up and administrator.  PIX requires more knowledge.

You can also get some "firewall appliances" (such as Symantec's) which offer a balance of ease of use and flexibility.
0
 
techcityAuthor Commented:
thx for the fast reply,qwaletee.
SOHO3 is made by SonicWall.
I think Cisco's firewall is a over kill in my situation, but Dlink or Linksys is not very configurable.
0
 
qwaleteeCommented:
SonicWall is good, same class as the Symantec applienaces I mentioned, though they make a range of products.  If you don't need the configurability you mention, the cheap routers are often "good enough."  The primary limitations are a single external address, meaning that youc an't, say, run two web servers on public port 80, because there's only one external IP address for them to share.  Some other limitations:

No policy control
No content filtering
Only directly supports a simple, flat, single subnet (including DHCP)
Unmanaged (litle or no SNMP, no physical port controls)

Most org's don't need these things, of course.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now