Inet Security for Windows Small Business Server 2003

Greetings all,

I'm a total newbie at MS Small Biz Server.  I know enough about networking to be dangerous to myself and those around me.

The MS instructions seem to be incomprehensible murk.

Many questions:  What is the best (most secure) way to hook our new server up to the Internet?  Right now, it's behind a Symantec Security Appliance.  The server has 2 NICs.  We want to host our own SSL extranet, as well as have ftp, mail, & etc.

Hardware firewall a good idea?  If yes, then which one?  Will the Symantec work?  Or would a Cisco PIX or NetScreen 5GT (or something else) be better?

We have purchased 5 fixed IPs.  A regular website would use one of the IPs.  The SSL extranet uses another.  How do you do the routing so that a user can get through to the correct IP?

Thanks in advance,

/RO/

raortman Asked:

MichaelPro Commented:
Yes, my suggestion is that your front end to the internet be a hardware-based firewall, such as Cisco PIX. You can have proxy servers inside your network later, but you want to make sure your internet side is as bulletproof as possible. With Cisco PIX you can allow certain ports to be mapped to certain servers (e.g. mail/ftp/mail) or you can set up your own DMZ.

Whatever way you choose, you need to configure your firewall (software or hardware doesn't make any difference) to allow port 80 (for web), 21/20 (for FTP), and 443 for SSL. Mail is SMTP 25 and POP 110. Each one of these ports has to be mapped to a certain server inside your network. It is preferred that your inside network use an intranet IP address instead of a public one (the router will identify which server it goes to by the port address; for example, if an incoming mail hits the Cisco PIX, it reaches there on port 25, and the Cisco then knows to send port 25 traffic to the server inside your network at 192.168.1.6).

Hope this helps.

Thanks,
Michael
www-e-charts.com
0
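An added example, not part of the thread and not any vendor's configuration: a small Python model of the port mapping described in the answer above, extended to several public IPs as the question asks, with a check of the rule list. The 203.0.113.x addresses, the rule list and the function names are constructed for illustration; 192.168.1.6 is the inside address used in the answer.

```python
import ipaddress

ALLOWED_PORTS = {20, 21, 25, 80, 110, 443}   # the services named in the answer above
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed rules: (public IP, public TCP port, inside host, inside port).
# 203.0.113.x are documentation addresses standing in for the five fixed IPs.
RULES = [
    ("203.0.113.10", 80,  "192.168.1.6", 80),    # public website
    ("203.0.113.11", 443, "192.168.1.6", 443),   # SSL extranet on its own IP
    ("203.0.113.12", 25,  "192.168.1.6", 25),    # inbound SMTP
    ("203.0.113.12", 110, "192.168.1.6", 110),   # POP3
    ("203.0.113.13", 21,  "192.168.1.6", 21),    # FTP control channel
]

def build_table(rules):
    """Index rules by (public IP, port); return (table, findings)."""
    table, findings = {}, []
    for pub_ip, port, inside_ip, inside_port in rules:
        key = (pub_ip, port)
        if key in table:
            # Two rules for one public IP and port: only the first is kept.
            findings.append(f"{pub_ip}:{port} is forwarded twice")
            continue
        if port not in ALLOWED_PORTS:
            findings.append(f"{pub_ip}:{port} exposes a port outside the planned services")
        addr = ipaddress.ip_address(inside_ip)
        if not any(addr in net for net in RFC1918):
            findings.append(f"{pub_ip}:{port} targets {inside_ip}, which is not a private address")
        table[key] = (inside_ip, inside_port)
    return table, findings

def translate(table, dst_ip, dst_port):
    """Inside (host, port) for an inbound TCP connection, or None when it is dropped."""
    return table.get((dst_ip, dst_port))   # no rule for this IP and port: default deny

if __name__ == "__main__":
    table, findings = build_table(RULES)
    for dst in [("203.0.113.11", 443), ("203.0.113.10", 443), ("203.0.113.14", 3389)]:
        print(dst, "->", translate(table, *dst) or "dropped")
    print(findings or "no findings")
```

The firewall owns all the public IPs on its outside interface; the server keeps a single private address, and anything without an explicit rule for that IP and port never reaches it.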
raortman (Author) Commented:
Hi Michael,

Yes.  Your comment helps.  

Is there anything about the Cisco that should make me want to abandon my (brand new) Symantec Gateway Security 360 router?  Or can I do everything that needs to be done with the Symantec appliance?  It's very programmable.

Also, I just completely don't understand how different WAN IPs are routed to specific services on the server--through the firewall.  

If we were hooking the server up directly to the net, we could put all 5 of our new fixed IPs into its NIC.  

But the Symantec router seems to work with only 2 IPs:  the Gateway IP and the first static IP from our ISP.

Can we (should we) assign different IPs to different services on the server?  One to email.  One to ftp, and etc?

Many thanks,

/RO/
0
MichaelPro Commented:
Ro,
If you already have the Symantec Gateway 360 and are comfortable configuring it, that should be good enough. However, I haven't worked with this specific model, so I'm not sure if it meets your performance needs. If you know how to configure this one, my suggestion would be to stick with the Symantec one, since configuring Cisco would take some time if you are not used to it. Generally, any VPN router would work for you, even if you buy a cheap Linksys one, but Cisco (or other business products) work like a clock and Linksys doesn't.

Let me know if you need any more info

Thanks,
Michael
www.e-charts.com
0
