Solved

SBS2003 Premium, internal firewall VS external firewall

Posted on 2003-12-01
3
607 Views
Last Modified: 2013-11-16
We have Small Business Server 2003 Premium. As we all know it has a built-in firewall-----ISA server.

I am wondering if we should buy a external firewall, for example, SOHO3.

The reason i am thinking about an external firewall is
1. the external firewall will be in charge of internet connection sharing, this will take some workload from the server.
2. the firewall will be a DHCP server, this will take some workload from the server.
3. if the server is down, all the workstations still have access to the net

am i correct? any thoughts based on your REAL field experience?

thx
0
Comment
Question by:techcity
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 31

Expert Comment

by:qwaletee
ID: 9854585
Yeah, everything you are saying is true, plus, anything that takes a Windows PC off a direct internet connection is almost certainly a good thing!!!

Basically, Windows-as-internet-router (known as ICS in consumer versions of Windows, which is really the same thing as ISA is doing), is pretty marginal.  Windows is the first target of hackers, and its network code is not really built to do routing.  It will be somewhat more flexible than a SOHO-type router, but LESS flexible than a true firewall-router.  The most comon type of complete firewall-router is the Cisco PIX line.  The most common SOHO routers are Linksys and D-Link.  The Linksys and D-Link products (and all their competitors) are really easy to set up and administrator.  PIX requires more knowledge.

You can also get some "firewall appliances" (such as Symantec's) which offer a balance of ease of use and flexibility.
0
 
LVL 1

Author Comment

by:techcity
ID: 9855444
thx for the fast reply,qwaletee.
SOHO3 is made by SonicWall.
I think Cisco's firewall is a over kill in my situation, but Dlink or Linksys is not very configurable.
0
 
LVL 31

Accepted Solution

by:
qwaletee earned 20 total points
ID: 9856377
SonicWall is good, same class as the Symantec applienaces I mentioned, though they make a range of products.  If you don't need the configurability you mention, the cheap routers are often "good enough."  The primary limitations are a single external address, meaning that youc an't, say, run two web servers on public port 80, because there's only one external IP address for them to share.  Some other limitations:

No policy control
No content filtering
Only directly supports a simple, flat, single subnet (including DHCP)
Unmanaged (litle or no SNMP, no physical port controls)

Most org's don't need these things, of course.
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question