SBS 2003 Firewall configuration

Hi,
(I'm a bit of a novice in small business server administration, so excuse any oversimplifications or general ignorance...)

I have SBS 2003 running on my Domain Controller.  I have an external hw firewall (sonicwall) between my DSL modem and my server, with my server connected to a switch to the patch panel to my clients...

We are a small company (less than 10 workstations) and I have been researching and debating installing ISA server on my SBS 2003 server.  I must admit because of some warnings regarding memory usage, interuption of email and internet service,...I'm leaning against it.

Anyway, when I try and configure the SBS 2003 Firewall on the server, it gives me the error (paraphrasing) - "cannot start windows firewall because another program or service may be using ipnat.sys

Research has led me to several answers - including "Firewall should not be running on a DC"

my questions are-

1) should the windows firewall be able to run on my server?
2) should I run it on my server, being it is the DC?
3) should I install the ISA, and use it in place of the windows firewall?
4) what would happen to the clients using xp pro sp2, with regard to the firewall they are using and the ISA?

Thanks for your help.
shinnmillAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
That's because you should NOT use the Windows Firewall... SBS uses Routing and Remote Access as it's firewall if you aren't going to install ISA.  Honestly, I don't use ISA for most of my clients because the cost to manage it is generally more than it's worth (in my opinion).  

So, to fully answer your questions:


1) should the windows firewall be able to run on my server?
NO

2) should I run it on my server, being it is the DC?
Still NO

3) should I install the ISA, and use it in place of the windows firewall?
It wouldn't be in place of the windows firewall, but it would be in place of RRAS.

4) what would happen to the clients using xp pro sp2, with regard to the firewall they are using and the ISA?
Having a firewall on your clients is still a good thing.  SBS automatically configures the XP firewall as needed.

The way that ALL of this is done is throught the Configure Email and Internet Connection Wizzard (CEICW) -- which is linked as "Connect to the Internet" in Server Management Console > Internet & Email.  

Recommended 2 NIC configuration:  http://sbsurl.com/twonics
CEICW info:  http://sbsurl.com/ceicw and http://sbsurl.com/msicw
Basic security info:  http://sbsurl.com/security

Jeff
TechSoEasy


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Keith AlabasterEnterprise ArchitectCommented:
lol, awesome Jeff,
Thanks
Keith :)
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Might as well let it out with both barrels!  :-)

TSE
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.