• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7142
  • Last Modified:

SBS 2003 Firewall configuration

Hi,
(I'm a bit of a novice in small business server administration, so excuse any oversimplifications or general ignorance...)

I have SBS 2003 running on my Domain Controller.  I have an external hw firewall (sonicwall) between my DSL modem and my server, with my server connected to a switch to the patch panel to my clients...

We are a small company (less than 10 workstations) and I have been researching and debating installing ISA server on my SBS 2003 server.  I must admit because of some warnings regarding memory usage, interuption of email and internet service,...I'm leaning against it.

Anyway, when I try and configure the SBS 2003 Firewall on the server, it gives me the error (paraphrasing) - "cannot start windows firewall because another program or service may be using ipnat.sys

Research has led me to several answers - including "Firewall should not be running on a DC"

my questions are-

1) should the windows firewall be able to run on my server?
2) should I run it on my server, being it is the DC?
3) should I install the ISA, and use it in place of the windows firewall?
4) what would happen to the clients using xp pro sp2, with regard to the firewall they are using and the ISA?

Thanks for your help.
0
shinnmill
Asked:
shinnmill
  • 2
1 Solution
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
That's because you should NOT use the Windows Firewall... SBS uses Routing and Remote Access as it's firewall if you aren't going to install ISA.  Honestly, I don't use ISA for most of my clients because the cost to manage it is generally more than it's worth (in my opinion).  

So, to fully answer your questions:


1) should the windows firewall be able to run on my server?
NO

2) should I run it on my server, being it is the DC?
Still NO

3) should I install the ISA, and use it in place of the windows firewall?
It wouldn't be in place of the windows firewall, but it would be in place of RRAS.

4) what would happen to the clients using xp pro sp2, with regard to the firewall they are using and the ISA?
Having a firewall on your clients is still a good thing.  SBS automatically configures the XP firewall as needed.

The way that ALL of this is done is throught the Configure Email and Internet Connection Wizzard (CEICW) -- which is linked as "Connect to the Internet" in Server Management Console > Internet & Email.  

Recommended 2 NIC configuration:  http://sbsurl.com/twonics
CEICW info:  http://sbsurl.com/ceicw and http://sbsurl.com/msicw
Basic security info:  http://sbsurl.com/security

Jeff
TechSoEasy


0
 
Keith AlabasterCommented:
lol, awesome Jeff,
Thanks
Keith :)
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Might as well let it out with both barrels!  :-)

TSE
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now