Inet Security for Windows Small Business Server 2003

Posted on 2006-04-17
Last Modified: 2013-11-16
Greetings all,

I'm a total newbie at MS Small Biz Server.  I know enough about networking to be dangerous to myself and those around me.

The MS instructions seem to be incomprehensible murk.

Many questions:  What is the best (most secure) way to hook our new server up the the Internet?  Right now, it's behind a Symantec Security Appliance.  The serever has 2 NICs.  We want to host our own SSL extranet, as well as have ftp, mail, & etc.

Hardware firewall a good idea?  If yes, then which one?  Will the Symantec work?  Or would a Cisco PIX or NetScreen 5GT (or something else) be better?

We have purchased 5 fixed IPs.  A regular website would use one of the IPs.  The SSL extranet uses another.  How do you do the routing so that a user can get through to the correct IP?

Thanks in advance,


Question by:raortman
    LVL 4

    Expert Comment

    Yes my suggestion is that your front-end to the internet to be a hardware-based Firewall, such as Cisco PIX. you can have proxy servers inside your network later but you want to make sure your internet side is as bullet-proof as possible. With cisco PIX you can allow certain ports to be mapped to certain servers (e.g. mail/ftp/mail) or you can setup your own DMZ.

    whatever way you choose, you need to configure your firewall (software or hardware doesn't make any difference) to allow the port 80 (for web) , 21/20 ( for ftp), and 443 for SSL. Mail is SMTP 25 and POP 110. each one of these ports has to be mapped to certain server inside your network. It is preferred that your inside network use an intranet IP address instead of Public (Router will identify which server it goes to by the port address - for example if an incomming mail hits the CiscoPIX, it reaches there in port 25, Cisco then knows to send port 25 traffic to server inside your network 192,168,1,6).

    hope this helps


    Author Comment

    Hi Michael,

    Yes.  Your comment helps.  

    Is there anything about the Cisco that should make me want to abandon my (brand new) Symantec Gateway Security 360 router?  Or can I do everything that needs to be done with the Symantec appliance?  It's very programmable.

    Also, I just completely don't understand how different WAN IPs are routed to specific services on the server--through the firewall.  

    If we were hooking the server up directly to the net, we could put all 5 of our new fixed IPs into its NIC.  

    But the Symantec router seems to work with only 2 IPs:  the Gateway IP and the first static IP from our ISP.

     Can we (should we) assign different IPs to different services on the server?  One to email.  One to ftp, and etc?

    Many thanks,

    LVL 4

    Accepted Solution

    If you already have Symantec Gateway 360 and are comfortable configuring it, that should be good enough. however, i haven't worked with this specific model so i'm not sure if it meets your peformance needs. If you know how to configure this one, my suggestion would be to stick with Symantec one since configuring Cisco would take some time if you are not used to it. Generally, any VPN router would work for you even if you buy a a cheap linksys one but Cisco (or other business products) work like a clock and Linksys doesn't.  

    Let me know if you need any more info


    Featured Post

    Superior storage. Superior surveillance.

    WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

    Join & Write a Comment

    Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
    Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now