IIS Server and firewalling Port 80

Posted on 2006-04-12
Last Modified: 2013-11-16
This fall we will be converting our primary database application to a new version that uses a web server as the front end. I have set up the server using Windows Server 2003 Web Edition.
The server exists on my network and has an internal Class C address.
My Cisco 2600 router has a route in it that points any requests to this web server's domain name to the internal IP address.
I can ping the domain name and run a tracert to it. The web server has Ports 80 & 443 open. The new application requires Port 80 to be open.

My question:
Until this time we have not had a firewall in place. We have relied on NAT to protect us. If I put a firewall in place, what method will it use to determine a valid attempt to access this web server vs an invalid attempt?

Question by:krlseidl
    LVL 32

    Assisted Solution

    A firewall would work for Layer 3 and Layer 4 network traffic. But if you are concerned only about the port opening, I believe you already have the solution on the 2600 utilizing NAT and access-lists, don't you?

    All it takes is to find out the protocol and port it uses to connect and use the ACL.

    access-list 100 permit <tcp/udp> any host <Webserver> eq <PortNo.>

    and apply it to the interface.

    LVL 51

    Accepted Solution

    This really depends on the firewall that you choose. Different firewalls will do different jobs. ISA Server, for example, is an application-layer firewall, which means it protects right up to layer 7 of the OSI model. Some firewalls only perform, as Rajesh states, to layer 3 & 4 (TCP/IP - IPX/SPX etc).

    NAT in itself, is not always sufficient as it simply masks addresses from one interface to another. The control mechanism is down to your own planning and the capabilities of the firewall.

    For example,
    trapping on the source address of the call to an allowed set of clients.
    SSL certificates and switching the port to port 443 instead of 80.
    Using the firewall to prompt for additional username/password authentication such as RADIUS requests.
    LVL 51

    Expert Comment

    by:Keith Alabaster
    Thank you
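
An added illustration of the distinction drawn in the answers above (not part of the original thread and not any poster's code): a layer 3/4 filter decides from protocol, addresses and port alone, while an application-layer firewall also inspects the request itself. The server address, host name, allowed-method policy and sample requests are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

WEB_SERVER = "192.0.2.10"          # constructed placeholder (TEST-NET-1)

@dataclass
class Rule:
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp" or "udp"
    src: str                       # CIDR; "0.0.0.0/0" behaves like IOS "any"
    dst: str                       # destination host
    dport: int

# Same shape as the ACL line in the first answer, for ports 80 and 443.
ACL = [Rule("permit", "tcp", "0.0.0.0/0", WEB_SERVER, 80),
       Rule("permit", "tcp", "0.0.0.0/0", WEB_SERVER, 443)]

def l4_filter(proto, src, dst, dport, acl=ACL):
    """Layer 3/4: first matching rule wins, no match means implicit deny."""
    for r in acl:
        if (r.proto == proto and r.dst == dst and r.dport == dport
                and ipaddress.ip_address(src) in ipaddress.ip_network(r.src)):
            return r.action
    return "deny"

ALLOWED_METHODS = {"GET", "HEAD", "POST"}   # assumed application policy
ALLOWED_HOSTS = {"app.example.com"}         # assumed published host name

def l7_filter(raw_request: bytes) -> str:
    """Layer 7: parse the HTTP request line and Host header before allowing."""
    try:
        head = raw_request.split(b"\r\n\r\n", 1)[0].decode("ascii")
        lines = head.split("\r\n")
        method, _target, version = lines[0].split(" ")
    except (UnicodeDecodeError, ValueError):
        return "deny"                       # not a well-formed request line
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    if not version.startswith("HTTP/1.") or method not in ALLOWED_METHODS:
        return "deny"
    if headers.get("host", "").lower() not in ALLOWED_HOSTS:
        return "deny"
    return "permit"

# Constructed sample requests; both arrive on TCP/80, so l4_filter permits both.
GOOD = b"GET /login HTTP/1.1\r\nHost: app.example.com\r\n\r\n"
ODD = b"TRACE / HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n"
```

Both sample requests pass the port-based filter because it never sees the payload; only the application-layer check tells them apart.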
