• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 354
  • Last Modified:

adding a linux firewall for exchange server

Right now I have been asked to add a firewall to our network for our exchange server. We are running Exchange server on a stand alone server that also acts as a secondary dns server for our network. Is there a distro anyone would reccomend? Or is there any applications or services we should use in paticular?

Also what potential complications would there be running a firewall in front of our exchange server/secondary dns server?

Would it be much easier just to run a isa server instead?

Thanks for your help as allways!

-Brian
0
Calv1n
Asked:
Calv1n
1 Solution
 
alextoftCommented:
IPcop is very capable in these kinds of scenarios. Plug internet into 1 socket, LAN into the other. Point and click gui interface. For mail all you're going to need is port 25 open. 80 & 443 for the Outlook Web Access, and 53 for DNS.

Any linux distro can easily take care of this, but if you're not comfortable working command line, try something like SuSE which has a very easy to use graphical firewall control panel.

ISA (InSecurity &  Annihilation  server) is the worst kind, and avoided at all costs.
0
 
pjedmondCommented:
I particularly recommend smoothwall www.smoothwall.org, or Devil Linux www.devil-linux.org. Astaro linux is a superb (but commercial Firewall distribution - www.astaro.com).

Why use a dedicated linux firewall?:

1.  Minimal software on the box to be compromised.
2.  chroot setup minimises the software available to 'abuse' from 1 even further.
3.  Seperate box, so even if the firewall is compromised, the attackers still haven't gained access to corporate secrets.
4.   Can be used to provide a firewall/vpn capability without degrading your main server's capabilities.
5.   If you use an 'old' PC, then you can have a high quality configurable firewall virtually free of charge! How much will the isa server set you back?

(   (()
(`-' _\
 ''  ''
0
 
xylogCommented:
If you are inexperienced at Linux I would recommend Smoothwall - http://www.smoothwall.org/ or IPcop as above, both are similar and capable linux based firewalls, Smoothwall has a free version as well as a commercial version. I have used both and both are good IMHO.

If you are hardcore I would recommend OpenBSD. You dont need much beyond the default install to have a highly capable firewall and it is one of, if not the most secure OS's there is.

I have to disagree with the previous comments on ISA server. It is a fine firewall - the big problem here is the underlying OS - You dont want to have reboot your firewall everytime MS puts out a browser patch. That said You can lock down ISA and Windows to make a secure it just takes alot longer than with a linux based system.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now