raortman

Inet Security for Windows Small Business Server 2003

Greetings all,

I'm a total newbie at MS Small Biz Server.  I know enough about networking to be dangerous to myself and those around me.

The MS instructions seem to be incomprehensible murk.

Many questions:  What is the best (most secure) way to hook our new server up to the Internet?  Right now, it's behind a Symantec Security Appliance.  The server has 2 NICs.  We want to host our own SSL extranet, as well as have ftp, mail, & etc.

Hardware firewall a good idea?  If yes, then which one?  Will the Symantec work?  Or would a Cisco PIX or NetScreen 5GT (or something else) be better?

We have purchased 5 fixed IPs.  A regular website would use one of the IPs.  The SSL extranet uses another.  How do you do the routing so that a user can get through to the correct IP?

Thanks in advance,

/RO/

MichaelPro

Yes, my suggestion is that your front end to the Internet be a hardware-based firewall, such as a Cisco PIX. You can have proxy servers inside your network later, but you want to make sure your Internet side is as bullet-proof as possible. With a Cisco PIX you can allow certain ports to be mapped to certain servers (e.g. mail/ftp/mail), or you can set up your own DMZ.

Whatever way you choose, you need to configure your firewall (software or hardware doesn't make any difference) to allow port 80 (for web), 21/20 (for FTP), and 443 for SSL. Mail is SMTP 25 and POP 110. Each one of these ports has to be mapped to a certain server inside your network. It is preferred that your inside network use an intranet IP address instead of a public one (the router will identify which server it goes to by the port address; for example, if an incoming mail hits the Cisco PIX, it reaches there on port 25, and the Cisco then knows to send port 25 traffic to the server inside your network at 192.168.1.6).

hope this helps

thanks,
Michael
www-e-charts.com
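The port mapping described in the answer above, extended to several public IPs as the question asks, as an added example that is not part of the original posts. It is a Python model of a firewall's static forwarding table, not PIX or Symantec configuration syntax; the 203.0.113.x public addresses and the service-to-IP assignment are constructed, and only 192.168.1.6 comes from the thread.

```python
import ipaddress

# Constructed sample rules. Public addresses use the 203.0.113.0/24
# documentation range; 192.168.1.6 is the internal server named in the answer.
# Fields: (public_ip, proto, public_port, internal_ip, internal_port)
RULES = [
    ("203.0.113.10", "tcp", 80,  "192.168.1.6", 80),   # public website
    ("203.0.113.11", "tcp", 443, "192.168.1.6", 443),  # SSL extranet
    ("203.0.113.12", "tcp", 25,  "192.168.1.6", 25),   # inbound SMTP
    ("203.0.113.12", "tcp", 21,  "192.168.1.6", 21),   # FTP control channel
]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_table(rules):
    """Index rules by (public_ip, proto, port); reject ambiguous or unsafe ones."""
    table = {}
    for pub_ip, proto, pub_port, in_ip, in_port in rules:
        key = (ipaddress.ip_address(pub_ip), proto, pub_port)
        inside = ipaddress.ip_address(in_ip)
        if not any(inside in net for net in RFC1918):
            raise ValueError(f"{in_ip} is not a private (RFC 1918) address")
        if key in table:
            raise ValueError(f"{pub_ip}:{pub_port}/{proto} is forwarded twice")
        table[key] = (inside, in_port)
    return table

def translate(table, dst_ip, proto, dst_port):
    """Return (internal_ip, internal_port), or None: anything unmapped is dropped."""
    hit = table.get((ipaddress.ip_address(dst_ip), proto, dst_port))
    return (str(hit[0]), hit[1]) if hit else None

def exposure(table):
    """Per public IP, the sorted ports reachable from the Internet."""
    out = {}
    for pub_ip, _proto, port in table:
        out.setdefault(str(pub_ip), []).append(port)
    return {ip: sorted(ports) for ip, ports in out.items()}

TABLE = build_table(RULES)

if __name__ == "__main__":
    for probe in [("203.0.113.12", 25), ("203.0.113.10", 443), ("203.0.113.13", 80)]:
        print(probe, "->", translate(TABLE, probe[0], "tcp", probe[1]))
    print(exposure(TABLE))
```

The lookup key is the pair of public IP and port, so port 443 is open only on the extranet address and closed on the website address, and the two unused public IPs expose nothing.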
raortman

ASKER

Hi Michael,

Yes.  Your comment helps.  

Is there anything about the Cisco that should make me want to abandon my (brand new) Symantec Gateway Security 360 router?  Or can I do everything that needs to be done with the Symantec appliance?  It's very programmable.

Also, I just completely don't understand how different WAN IPs are routed to specific services on the server--through the firewall.  

If we were hooking the server up directly to the net, we could put all 5 of our new fixed IPs into its NIC.  

But the Symantec router seems to work with only 2 IPs:  the Gateway IP and the first static IP from our ISP.

Can we (should we) assign different IPs to different services on the server?  One to email.  One to ftp, and etc?

Many thanks,

/RO/
ASKER CERTIFIED SOLUTION
MichaelPro