SBS2003 Premium, internal firewall VS external firewall

We have Small Business Server 2003 Premium. As we all know it has a built-in firewall-----ISA server.

I am wondering if we should buy a external firewall, for example, SOHO3.

The reason i am thinking about an external firewall is
1. the external firewall will be in charge of internet connection sharing, this will take some workload from the server.
2. the firewall will be a DHCP server, this will take some workload from the server.
3. if the server is down, all the workstations still have access to the net

am i correct? any thoughts based on your REAL field experience?

thx
LVL 1
Y YconsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

qwaleteeCommented:
Yeah, everything you are saying is true, plus, anything that takes a Windows PC off a direct internet connection is almost certainly a good thing!!!

Basically, Windows-as-internet-router (known as ICS in consumer versions of Windows, which is really the same thing as ISA is doing), is pretty marginal.  Windows is the first target of hackers, and its network code is not really built to do routing.  It will be somewhat more flexible than a SOHO-type router, but LESS flexible than a true firewall-router.  The most comon type of complete firewall-router is the Cisco PIX line.  The most common SOHO routers are Linksys and D-Link.  The Linksys and D-Link products (and all their competitors) are really easy to set up and administrator.  PIX requires more knowledge.

You can also get some "firewall appliances" (such as Symantec's) which offer a balance of ease of use and flexibility.
Y YconsultantAuthor Commented:
thx for the fast reply,qwaletee.
SOHO3 is made by SonicWall.
I think Cisco's firewall is a over kill in my situation, but Dlink or Linksys is not very configurable.
qwaleteeCommented:
SonicWall is good, same class as the Symantec applienaces I mentioned, though they make a range of products.  If you don't need the configurability you mention, the cheap routers are often "good enough."  The primary limitations are a single external address, meaning that youc an't, say, run two web servers on public port 80, because there's only one external IP address for them to share.  Some other limitations:

No policy control
No content filtering
Only directly supports a simple, flat, single subnet (including DHCP)
Unmanaged (litle or no SNMP, no physical port controls)

Most org's don't need these things, of course.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.