IIS Server and firewalling Port 80

This fall we will be converting our primary database application to a new version that uses a web server as the front end. I have set up the server using Windows Server 2003 Web Edition.
The server exists on my network and has an internal Class C address.
My Cisco 2600 router has a route in it that points any requests to this web server's domain name to the internal IP address.
I can ping the domain name and run a tracert to it. The web server has Ports 80 & 443 open. The new application requires Port 80 to be open.

My question:
Until this time we have not had a firewall in place. We have relied on NAT to protect us. If I put a firewall in place, what method will it use to determine a valid attempt to access this web server vs an invalid attempt?

krlseidl Asked:

rsivanandan Commented:
A firewall would work for Layer 3 and Layer 4 network traffic. But if you are concerned only about the port opening, I believe you already have the solution on the 2600 utilizing NATs and access-lists, don't you?

All it takes is to find out the protocol and port it uses to connect and use the ACL.

access-list 100 permit <tcp/udp> any host <Webserver> eq <PortNo.>

and apply it to the interface.

Cheers,
Rajesh
Keith Alabaster, Enterprise Architect, Commented:
This really depends on the firewall that you choose. Different firewalls will do different jobs. ISA Server, for example, is an application-layer firewall, which means it protects right up to layer 7 of the OSI model. Some firewalls only perform as Rajesh states to layer 3 & 4 (TCP/IP - IPX/SPX etc.).

NAT in itself, is not always sufficient as it simply masks addresses from one interface to another. The control mechanism is down to your own planning and the capabilities of the firewall.

For example,
trapping on the source address of the call to an allowed set of clients.
SSL certificates and switching the port to port 443 instead of 80.
Using the firewall to prompt for additional username/password authentication such as RADIUS requests.
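
The layer 3/4 matching that both answers describe, as an added example that is not part of the original thread: it parses ACL lines written in the form of Rajesh's template and evaluates them first-match with an implicit deny, showing that a port-only rule passes anything addressed to TCP 80 while a source-restricted rule (Keith's first suggestion) narrows who may connect. The addresses, ACL numbers and packets are constructed, and the parser is a simplified model of extended ACL matching, not Cisco's implementation.

```python
import ipaddress

# Constructed values: 192.0.2.10 = web server, 198.51.100.0/24 = allowed clients.
ACL_PORT_ONLY = """
access-list 100 permit tcp any host 192.0.2.10 eq 80
access-list 100 permit tcp any host 192.0.2.10 eq 443
"""
ACL_SOURCE_LIMITED = """
access-list 101 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 80
access-list 101 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 443
"""

def _take_addr(tokens):  # consumes 'any', 'host A' or 'A WILDCARD'
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.ip_address(tokens.pop(0)))
    mask = ipaddress.ip_address(wildcard ^ 0xFFFFFFFF)  # contiguous wildcards only
    return ipaddress.ip_network(f"{first}/{mask}")

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()[2:]  # drop 'access-list <number>'
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _take_addr(tokens), _take_addr(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, pkt):
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    for action, proto, rsrc, rdst, port in rules:  # first match wins
        if proto in ("ip", pkt["proto"]) and src in rsrc and dst in rdst and port in (None, pkt["dport"]):
            return action
    return "deny"  # implicit deny: no rule matched

# Constructed packets. evaluate() never reads "payload": a layer 3/4 filter
# cannot tell a well-formed request from a malformed one sent to port 80.
PACKETS = [
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 80, "payload": "GET /app HTTP/1.1"},
    {"src": "203.0.113.9", "dst": "192.0.2.10", "proto": "tcp", "dport": 80, "payload": "not an HTTP request"},
    {"src": "203.0.113.9", "dst": "192.0.2.10", "proto": "tcp", "dport": 3389, "payload": ""},
]

def verdicts(acl_text):
    return [evaluate(parse_acl(acl_text), p) for p in PACKETS]
```

Calling `verdicts()` with each ACL shows the difference: the port-only list permits both port 80 packets regardless of sender or content, while the source-limited list permits only the packet from the allowed client network.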
Keith Alabaster, Enterprise Architect, Commented:
Thank you