adding a linux firewall for exchange server

Right now I have been asked to add a firewall to our network for our exchange server. We are running Exchange server on a stand alone server that also acts as a secondary dns server for our network. Is there a distro anyone would reccomend? Or is there any applications or services we should use in paticular?

Also what potential complications would there be running a firewall in front of our exchange server/secondary dns server?

Would it be much easier just to run a isa server instead?

Thanks for your help as allways!

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

IPcop is very capable in these kinds of scenarios. Plug internet into 1 socket, LAN into the other. Point and click gui interface. For mail all you're going to need is port 25 open. 80 & 443 for the Outlook Web Access, and 53 for DNS.

Any linux distro can easily take care of this, but if you're not comfortable working command line, try something like SuSE which has a very easy to use graphical firewall control panel.

ISA (InSecurity &  Annihilation  server) is the worst kind, and avoided at all costs.
I particularly recommend smoothwall, or Devil Linux Astaro linux is a superb (but commercial Firewall distribution -

Why use a dedicated linux firewall?:

1.  Minimal software on the box to be compromised.
2.  chroot setup minimises the software available to 'abuse' from 1 even further.
3.  Seperate box, so even if the firewall is compromised, the attackers still haven't gained access to corporate secrets.
4.   Can be used to provide a firewall/vpn capability without degrading your main server's capabilities.
5.   If you use an 'old' PC, then you can have a high quality configurable firewall virtually free of charge! How much will the isa server set you back?

(   (()
(`-' _\
 ''  ''

Experts Exchange Solution brought to you by ConnectWise

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
If you are inexperienced at Linux I would recommend Smoothwall - or IPcop as above, both are similar and capable linux based firewalls, Smoothwall has a free version as well as a commercial version. I have used both and both are good IMHO.

If you are hardcore I would recommend OpenBSD. You dont need much beyond the default install to have a highly capable firewall and it is one of, if not the most secure OS's there is.

I have to disagree with the previous comments on ISA server. It is a fine firewall - the big problem here is the underlying OS - You dont want to have reboot your firewall everytime MS puts out a browser patch. That said You can lock down ISA and Windows to make a secure it just takes alot longer than with a linux based system.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.