Solved

Configure a Firewall in an existing network

Posted on 2006-06-20
Last Modified: 2013-11-16
I have a client who had another IT company set up their whole network from scratch. They used to have a Netgear router/firewall installed as their main gateway. Once the company redid the network, they took out the Netgear and installed a regular 16-port switch. They are running SBS2003 and it is set up as the gateway/router/DHCP/DNS/etc. This leaves them with no security at all. How is it possible to place a firewall in between the modem and the server, or in between the server and the switch? Not too sure how this goes, but I think it's the modem and server. Also, what do I need to configure to set this up properly? This is sort of urgent as they are worried they are prone to hackers etc. The urgency is the reason for the 500 POINTS.
0
Question by:nexxsupport
13 Comments
 
LVL 11

Expert Comment

by:rafael_acc
ID: 16945396
So the setup is something similar to

Network ................. Router (win machine) ---------- modem ------------ Internet

Is that right? What sort of Internet connection is there (what modem is it)?

Cheers
0
 

Author Comment

by:nexxsupport
ID: 16945476
They are using a static DSL connection. Yes, that's the setup.
0
 
LVL 11

Expert Comment

by:rafael_acc
ID: 16945685
In a simple firewall setup you could place it as shown below:

Network ................. Router (win machine) ----- FW ---------- modem ------------ Internet

The firewall could be a Linux machine, which has some very good security options available by using iptables. iptables is really good! And Linux would be a cheap box also.

Another option is installing a hardware firewall (like a Cisco PIX).

Of course, after having the devices in place, you have to set them up. As I believe you know already, this depends entirely on what services are operating on the network.

Let me know if you need any help.

Cheers
0
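The Linux/iptables option suggested in the comment above, shown as an added example that is not part of the original thread: a shell function that emits a default-deny, stateful `iptables-restore` ruleset for a two-interface gateway. The interface names and the WAN address are constructed placeholders; only the 10.0.0.x inside subnet comes from the thread, and its /24 mask is an assumption.

```shell
#!/bin/sh
# Added example: ruleset for a Linux box placed between the modem and the LAN.
# gen_ruleset WAN_IF LAN_IF LAN_NET WAN_IP   (all arguments are assumptions)
#   WAN_IP is the static address assigned by the ISP (placeholder below).
gen_ruleset() {
    wan_if=$1; lan_if=$2; lan_net=$3; wan_ip=$4
    cat <<EOF
*filter
# Default deny for traffic addressed to the firewall and routed through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Anti-spoofing: inside addresses must never arrive on the outside interface.
-A INPUT -i $wan_if -s $lan_net -j DROP
-A FORWARD -i $wan_if -s $lan_net -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Management (SSH) and ping are reachable from the inside network only.
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 22 -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -p icmp --icmp-type echo-request -j ACCEPT
# Routed traffic: replies to existing flows, plus new flows started inside.
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Static WAN address, so SNAT to it rather than MASQUERADE.
-A POSTROUTING -o $wan_if -s $lan_net -j SNAT --to-source $wan_ip
COMMIT
EOF
}

# Print the ruleset for review (constructed values; 203.0.113.10 is a
# documentation address). To load it as root on the gateway:
#   sysctl -w net.ipv4.ip_forward=1
#   gen_ruleset eth0 eth1 10.0.0.0/24 203.0.113.10 | iptables-restore
gen_ruleset eth0 eth1 10.0.0.0/24 203.0.113.10
```

No rule accepts a new connection arriving on the outside interface, so any service that must be reachable from the Internet needs an explicit rule added for it.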

 

Author Comment

by:nexxsupport
ID: 16946518
I was looking for something like a hardware firewall. There are only like 4 users and 1 PDC, that's it. I was wondering if it was possible if I could just place a box somewhere. Some people recommend a Symantec Security appliance (they go for like $400) or a WatchGuard. I'm just hesitant if I can configure the box to any subnet I want. They are using the 10.0.0.X subnet. I know most boxes are programmed as 192.168.X.X.
0
 
LVL 11

Expert Comment

by:rafael_acc
ID: 16946935
To be honest, you could go with Linux as the firewall box and that would be for free!! I don't think it is justified to go for a hardware firewall for 4-5 users!

In addition to the firewall protecting the entry point in your network, you could also protect further by implementing a desktop firewall on each PC.

Cheers
0
 

Author Comment

by:nexxsupport
ID: 16947005
Yeah, they have Windows Firewall on their XP machines. I know they won't go for a new server. Do you not recommend getting something like the Symantec Gateway Security 320? I was recommended that model. Also, when I do decide on a firewall, do I place it between the ISP modem and the server? If so, what configurations need to be done on the server? Will I need to configure the firewall with the ISP's info?
0
 
LVL 11

Expert Comment

by:rafael_acc
ID: 16947078
I don't know the Symantec Gateway Security 320. If I were you and had the money, I would buy a Cisco PIX. Depending on the model, they are not that expensive. The disadvantage would be that PIXes are not that user-friendly and you must know what you are doing when setting it up.

In fact, which option you choose really depends on what level of security you/they want! And if you think about it, then you should also consider what information they are trying to protect! Bear in mind that the security level is according to what you protect! Also, the more security you put in place, the harder it is going to be to manage it.

And yes; you can place the firewall between the server and the modem. Depending on the firewall you implement, you shouldn't need to do much on the server. You will have to configure the firewall though! When you get to that stage, let us know.

Cheers.
0
 

Author Comment

by:nexxsupport
ID: 16947102
OK, I will. Will I not need the server to look at the firewall before sending out or accepting requests? We have the firewall here, but I have not installed it yet.
0
 
LVL 11

Expert Comment

by:rafael_acc
ID: 16947146
It is the firewall that is going to look at the packets/inspect them. That's the whole idea, really!
The only config I can think of that you might have to do on the server and all other machines is to set the firewall as the default gateway in TCP/IP properties.

cheers
0
 

Author Comment

by:nexxsupport
ID: 16947165
OK, I will try that... So what I've done so far is give it a static IP. But then what is the firewall's gateway?
0
 
LVL 11

Accepted Solution

by:
rafael_acc earned 500 total points
ID: 16947952
Network ................. Router (win machine) ----- FW ---------- modem ------------ Internet

Now, considering your firewall is correctly configured, you should configure all the internal machines and the server to use the firewall as a default gateway. To do that, use TCP/IP properties (right-click My Network Places, select Properties, ...)

Cheers
0
 

Author Comment

by:nexxsupport
ID: 16948431
So I must configure the firewall with the ISP's info? If so, that would make sense of the connectivity issues.
0


Question has a verified solution.
