Solved

Need a software firewall for Server 2003 Web Edition

Posted on 2004-09-08
6
433 Views
Last Modified: 2013-11-16
Hello,

I recently ordered a dedicated server that came with windows server 2003 web edition.  I would like to install a different firewall on this box because the one i'm using I don't like.  First a little background on the box and what I have done so far.

The box is windows server 2003 WEB EDITION.  This means it comes with no ICF, otherwise that would be good enough for the time being.  The box is also at a NOC of which I do not have control over, so there would be no chance I could setup something hardware related.  The solution must be software that is on the box itself.  So then my first inclination would be to use ZoneAlarm from ZoneLabs.  I purchased this firewall, installed it and it seems to "do the job" to an extent, but there are a few things that make me nervous about using zonealarm:

1)  during the install, i was told that zonealarm isn't intended for server environments and that my installation would not be supported.
2)  zonealarm has program access control... a nice feature but i don't deem that nessecary right now.  I just want your basic port lockdown kind of tool...  besides... zonealarm kicked me out of my terminal service session (i have no physical access to the box) the first time i installed it, and I had to wait for a support tech to open port 3389 before i could continue setting it up.
3)  users have reported sporatic access to certain ports on my box... some users can't open certain ports at all on my box, while others can.
4)  under a normal confinguration, i can only use terminal services for about 30-60 seconds before the connection stalls and i have to reconnect... this happened until i added my ip to the trusted zone, and turned off the firewall completely for the trusted zone.

So i go out searching for another software firewall...  I have tried PortsLock, which i can't even get to lock down a simple port on my test box here at home...  I've looked into other software, but they are all "personal firewalls," something i would like to get around if i can.  ISA server is far too expensive, and I would think that it would require a server 2003 Standard Edition install anyway (my two options at this box are 2003 web and BSD - and for right now, i need a windows box).  I looked into Symantec Enterprise Firewall, but their licensing information page has no information on that product *sigh*.  I would try black ice, but i've heard bad things about that as well.

So to recap... i am looking for a software firewall that provides basic port locking, won't kick me out automatically when i install it (although i might be able to get around that using zonealarm during the install process), that not only runs on 2003 server web edition, but might actually be geared towards a server environment.  I don't need anything that will help me administer client boxes in my environment.. just one box:  a server.


Thank you so much in advance.  
-Chris
0
Comment
Question by:movemedia
  • 3
  • 2
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12012653
Windows 2003 comes with Internet Connection Firewall already there...
0
 
LVL 4

Author Comment

by:movemedia
ID: 12012766
lrmoore,

Thanks for your comment.  In my question i state that I have already explored this avenue.  you are right, windows server 2003 STANDARD does come with Internet Connection Firewall (ICF), windows server 2003 WEB EDITION (the version i have) does not.

Taken from http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/hnw_enable_firewall.asp :
"Internet Connection Sharing, Internet Connection Firewall, and Network Bridge are included only with Windows Server 2003, Standard Edition, and the 32-bit version of Windows Server 2003, Enterprise Edition. These features are not included with Windows Server 2003, Web Edition; the 32-bit version of Windows Server 2003, Datacenter Edition; or the 64-bit versions of the Windows Server 2003 family."

it is also not possible for me to upgrade from windows 2003 web to standard.  my options at that NOC are windows 2003 web or bsd, and for right now, i need a windows box.  (i am not 1337 enough to be a bsd admin).

Thanks,
-Chris
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12016146
Gotcha. Sorry I missed that point in your first post...

Have you tried BlackIce ? I know it works on Windows 2000 server.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 4

Author Comment

by:movemedia
ID: 12018134
lrmoore,

Not a problem.  In my first post I mentioned that I have heard bad things about blackICE, mostly in an environment where i do not have console access (only via terminal services).  My fear is that, once installed, it will automatically lock up port 3389, thus blocking terminal services.  (that same thing happened to me with zonealarm, since the program takes the stance of locking everything down first, then prompting the user for access).  Also, BlackICE seems to be more for personal workstations, not servers.  I'm sure I could install it on 2003 server web, but i am concerned about it's reliability.  I am really looking for something designed for servers.  there HAS to be something out there... right?

any other suggestions?

-Chris
0
 

Assisted Solution

by:alester
alester earned 250 total points
ID: 12150387
Have you tried any Mcafee Firewall software?  http://www.mcafee.com
0
 
LVL 4

Author Comment

by:movemedia
ID: 13330656
thanks for replying guys.  

I ended up with deerfield visnetic firewall.  works great.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Static IP 5 76
Fortinet FWs backdoor vulnerability 3 85
Failover and load Balancing WLB Resource Failed 2 222
IP Phones with SonicWall 6 68
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now