Solved

Server 2003 ent edition Firewall

Posted on 2006-10-25
Last Modified: 2010-08-05
Hi all
I am running a Server 2003 Enterprise Edition domain.  I have a few questions about Windows Firewall:

- One of my servers is running a VPN server and has RRAS enabled, and I do not want it to be disabled as it is working as the router for my LAN and external connections.  My firewall at the moment is a Cisco 2811 router.  I tried to enable Windows Firewall on this server and it gives me "windows firewall cannot run because another program or service is running that might use the network address translation component ipnat.sys".  If I have to enable firewall anywhere else I need help?

- Should I use Windows Firewall on all my servers?  If I enable it on Exchange, users cannot see the logon page in OWA.

- For my other servers which do not run VPN servers, should I enable Windows Firewall?  Is it feasible to use on a Server 2003?  How secured?


Thanks
AM
Question by:amanzoor
LVL 3

Expert Comment

by:taylorludwig
ID: 17806239
Is your VPN server set up as a front end server? If not, then your servers are protected from the internet because your Cisco router is acting as a firewall for all of them.

Usually you don't want to run Windows Firewall on a server unless it is a front end server (meaning that it connects directly to the internet and has an external IP address).

Is there a reason you want to enable Windows Firewall?

I would suggest just having your Cisco router be the only device with an external IP address, then forward necessary ports to the dedicated servers, such as 25, 80, 443 to the Exchange server to allow for SMTP, HTTP, and HTTPS.  Then forward the VPN port to your VPN server (can't remember the port number offhand) and then just leave the firewall disabled on all of your servers.

0
 
LVL 4

Author Comment

by:amanzoor
ID: 17806706
taylorludwig:
If I understood it correctly, an external IP has been mapped to the internal IP.  I am using that address for my VPN connection.  If it's not safe, how to make it safe?  Also I am using Terminal Server with it.

- By reading the above it seems like my server is a front end?  How to find out if my server is a front end server?  help plz
- I want to make my server which is running VPN to be secured.  help plz
- IC please help me so that I just map the ports for my VPN server in the ROUTER 2811 and other important services like HTTP, HTTPS, etc.

By understanding your comments I am sure my server is mapped directly to one of the external IPs.  I would like to make it more secured by opening just the ports for VPN and other important services.  Also this server is a SharePoint Portal Server so I need to know its ports also.  Help plz
AM
0
 
LVL 3

Accepted Solution

by:
taylorludwig earned 500 total points
ID: 17824886
What you need to do is have only your router be assigned the external IP.

Then your server has an address, we will say 192.168.1.2.

Then in your router configuration you need to forward the following ports to 192.168.1.2:

- https: 443
- http: 80
- terminal services: 3389
- vpn: 1723

SharePoint should just work on port 80 unless you have it set up differently.  Also, if you want the admin site to be available to the public, or just to you if you are behind the firewall, then you will need to forward whatever port you have for the SharePoint admin to 192.168.1.2 also.

Is your VPN up and running already?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 17826694
taylorludwig:
Thanks for your comments.  I have checked it and I think I am secured, as I have only opened up ports 1723 and GRE on that particular external address.  I tried using RDP externally and it did not work.  That's what I want.  Thanks a lot.
0
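
The external check described in the last comment (PPTP answers, RDP does not) can be repeated for every port named in this thread. The following is an added example, not part of the original posts: it compares what answers from outside against an intended allowlist. The function names and the target address `203.0.113.10` (a documentation placeholder) are assumptions; run it from a host outside the router against an address you administer.

```python
import socket

# TCP ports named in this thread. 1723 is the PPTP control channel.
# GRE (IP protocol 47) has no ports, so a TCP probe cannot see it;
# confirm it by completing an actual VPN connection.
THREAD_PORTS = {80: "http", 443: "https", 1723: "pptp", 3389: "rdp"}


def tcp_open(host, port, timeout=2.0):
    """Return True if a full TCP handshake to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unreachable all count as closed.
        return False


def audit_exposure(host, allowed, candidates=THREAD_PORTS, probe=tcp_open):
    """Compare externally reachable ports with the intended allowlist.

    Returns (unexpected_open, expected_closed):
      unexpected_open - ports that answer but are not in `allowed`
      expected_closed - ports in `allowed` that do not answer
    """
    unexpected_open, expected_closed = [], []
    for port in sorted(candidates):
        is_open = probe(host, port)
        if is_open and port not in allowed:
            unexpected_open.append(port)
        elif not is_open and port in allowed:
            expected_closed.append(port)
    return unexpected_open, expected_closed


if __name__ == "__main__":
    target = "203.0.113.10"  # placeholder, not an address from the thread
    # Intended state from the last comment: only the VPN port is exposed.
    unexpected, missing = audit_exposure(target, allowed={1723})
    for port in unexpected:
        print(f"EXPOSED  {port}/tcp ({THREAD_PORTS[port]}) should be blocked")
    for port in missing:
        print(f"BLOCKED  {port}/tcp ({THREAD_PORTS[port]}) should be reachable")
    if not unexpected and not missing:
        print("External TCP exposure matches the allowlist")
```
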
