• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 616
  • Last Modified:

SBS2003 Premium, internal firewall VS external firewall

We have Small Business Server 2003 Premium. As we all know it has a built-in firewall-----ISA server.

I am wondering if we should buy a external firewall, for example, SOHO3.

The reason i am thinking about an external firewall is
1. the external firewall will be in charge of internet connection sharing, this will take some workload from the server.
2. the firewall will be a DHCP server, this will take some workload from the server.
3. if the server is down, all the workstations still have access to the net

am i correct? any thoughts based on your REAL field experience?

thx
0
Y Y
Asked:
Y Y
  • 2
1 Solution
 
qwaleteeCommented:
Yeah, everything you are saying is true, plus, anything that takes a Windows PC off a direct internet connection is almost certainly a good thing!!!

Basically, Windows-as-internet-router (known as ICS in consumer versions of Windows, which is really the same thing as ISA is doing), is pretty marginal.  Windows is the first target of hackers, and its network code is not really built to do routing.  It will be somewhat more flexible than a SOHO-type router, but LESS flexible than a true firewall-router.  The most comon type of complete firewall-router is the Cisco PIX line.  The most common SOHO routers are Linksys and D-Link.  The Linksys and D-Link products (and all their competitors) are really easy to set up and administrator.  PIX requires more knowledge.

You can also get some "firewall appliances" (such as Symantec's) which offer a balance of ease of use and flexibility.
0
 
Y YconsultantAuthor Commented:
thx for the fast reply,qwaletee.
SOHO3 is made by SonicWall.
I think Cisco's firewall is a over kill in my situation, but Dlink or Linksys is not very configurable.
0
 
qwaleteeCommented:
SonicWall is good, same class as the Symantec applienaces I mentioned, though they make a range of products.  If you don't need the configurability you mention, the cheap routers are often "good enough."  The primary limitations are a single external address, meaning that youc an't, say, run two web servers on public port 80, because there's only one external IP address for them to share.  Some other limitations:

No policy control
No content filtering
Only directly supports a simple, flat, single subnet (including DHCP)
Unmanaged (litle or no SNMP, no physical port controls)

Most org's don't need these things, of course.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now