Solved

SBS 2003 Firewall or External Firewall

Posted on 2004-08-11
7
692 Views
Last Modified: 2013-11-16
I have a question.

I am a programmer who is a complete novice with regard to networks. I am installing SBS 2003 on a machine to bring my network out of the stone ages. (Also, need SQL.)

I have run into a question while performing the installation. The server has two network cards in it, and I am wondering whether I should run the Firewall incorporated into SBS, or use the one in my router/firewall. (SMC Networks broadband router/firewall.)

Which is the more secure way?

Also, if anyone knows the answer to this one: Is it better to let me router be the DHCP server or should I let SBS be the DHCP server?

Any advice would be greatly appreciated.

Thanks.
Vee
0
Comment
Question by:VeeVan
  • 4
  • 3
7 Comments
 
LVL 2

Accepted Solution

by:
AndyJG247 earned 500 total points
ID: 11819911
First Question
Most secure way would be to use both, although this would increase the configuration time.
Assuming this is SBS2003 and you are meaning the ISA firewall (included only in the premium package as is SQL) then it is industry standard and very powerful however still has the problem of residing on the server itself.  Having said that its still great.  Your router firewall should be considered as the first line defence - ISA as number two in-line.


|
Router
|
|NIC#2
Server
|NIC#1
|
Switch
|
Clients

Second question
As above you would need to use the dhcp server of SBS as your router is seperated from your internal clients.  Even if this wasn't the case the SBS DNS would still be a lot more powerful (additional options etc).

Once its working I don't think you will regret using SBS.

cheers
Andy
0
 
LVL 1

Author Comment

by:VeeVan
ID: 11820264
Andy -

I have already setup SBS using the DHCP on the server. Also, I am currently using only the Firewall on my router. Is there a way to reconfigure SBS to use it's firewall, too, or would I have to reformat and start over (not an option at this point.)

If there is a way to reconfigure, if you could provide a little insite on how that would be done would be greatly appreciated.

Thanks.

Vee
0
 
LVL 1

Author Comment

by:VeeVan
ID: 11820267
And yes, it's SBS 2003 premium.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 2

Expert Comment

by:AndyJG247
ID: 11822162
Hi,

No need to reformat.   Main question I would ask is are you using both of the network cards in the server?

By default you have RRAS as a 'kind of' firewall setup when you run the internet connection wizard through the SBS console.  If you have both network cards in use then you would need to install ISA from the premium cd (same as the SQL one) following the installation guide that auto boots with the cd.  When it is installed it asks you to run the internet wizard again and sets itself up automatically.

If you have only one network card in use then things get a bit more complicated as ISA will only work as a proxy rather than a firewall.  With this scenario you might find it easier to stay as you are.  Have you tried "http://www.grc.com/default.htm" - Mr Gibsons Shields Up utility will allow you to scan your ip address for holes for information purposes.

One word of caution of course - if you need any inbound access - like smtp mail or you are publishing your own website etc you would need to allow these in via ISA - however I am assuming you would have had to do this on your router anyway so you would already know of this.

http://www.smallbizserver.net - this is a fantastic resource by Mariette Knap & Marina Roos MVP's if it helps.

cheers
Andy
0
 
LVL 1

Author Comment

by:VeeVan
ID: 11822838
I have two network cards in the machine. I am only using one of them currently. I will take a look and see how complicated it would be to setup the Firewall in SBS, too. Thanks for all the input. I greatly appreciate it.

Vee
0
 
LVL 1

Author Comment

by:VeeVan
ID: 11822850
PS: I already LOVE SBS. It's a great tool for those of us who are computer proficient, but network scared!!
V
0
 
LVL 2

Expert Comment

by:AndyJG247
ID: 11825002
No problems.  Hope it all goes well.

cheers
Andy
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question