Server 2003 ent edition Firewall

Hi all
I am running a Server 2003 Ent edition domain. I have a few questions about Windows Firewall:
- One of my servers is running a VPN server and has RRAS enabled, and I do not want it to be disabled as it is working as the router for my LAN and external connections. My firewall at the moment is a Cisco_2811 router. I tried to enable Windows Firewall on this server and it gives me "windows firewall cannot run because another program or service is running that might use the network address translation component ipnat.sys". If I have to enable firewall anywhere else I need help?

- Should I use the Windows Firewall on all my servers? If I enable it on Exchange, users cannot see the logon page in OWA.

- For my other servers which do not run VPN servers, should I enable Windows Firewall? Is it feasible to use on a Server 2003? How secure?


Thanks
AM
Asked by: amanzoor

taylorludwig Commented:
Is your VPN server set up as a front end server? If not, then your servers are protected from the internet because your Cisco router is acting as a firewall for all of them.

Usually you don't want to run Windows Firewall on a server unless it is a front end server (meaning that it connects directly to the internet and has an external IP address).

Is there a reason you want to enable Windows Firewall?

I would suggest just having your Cisco router be the only device with an external IP address, then forward necessary ports to the dedicated servers, such as 25, 80, 443 to the Exchange server to allow for SMTP, HTTP, and HTTPS. Then forward the VPN port to your VPN server (can't remember the port number offhand) and then just leave the firewall disabled on all of your servers.

amanzoor (Network infrastructure Admin, Author) Commented:
taylorludwig:
If I understood it correctly, an external IP has been mapped to the internal IP. I am using that address for my VPN connection. If it's not safe, how to make it safe? Also I am using Terminal Server with it.
- By reading above it seems like my server is a front end? How to find out if my server is a front end server? Help plz
- I want to make my server which is running VPN to be secured. Help plz
- IC please help me so that I just map the ports for my VPN server in the ROUTER 2811 and other important services like HTTP, HTTPS, etc.
By understanding your comments I am sure my server is mapped directly to one of the external IPs. I would like to make it more secure by opening just the ports for VPN and other important services. Also this server is a SharePoint portal server so I need to know its ports also. Help plz
AM
taylorludwig Commented:
What you need to do is have only your router be assigned the external IP.

Then your server has an address, we will say 192.168.1.2.

Then in your router configuration you need to forward the following ports to 192.168.1.2:
https: 443
http: 80
terminal services: 3389
vpn: 1723

SharePoint should just work on port 80 unless you have it set up differently. Also, if you want the admin site to be available to the public, or just you if you are behind the firewall, then you will need to forward whatever port you have for the SharePoint admin to 192.168.1.2 also.

Is your vpn up and running already?
amanzoor (Network infrastructure Admin, Author) Commented:
taylorludwig:
Thanks for your comments. I have checked it and I think I am secured, as I have only opened up ports 1723 and GRE on that particular external address. I tried using RDP externally and it did not work. That's what I want. Thanks a lot.
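
As an added example (not part of the original thread), the check the asker did by hand can be run against the router's static NAT lines: anything forwarded beyond TCP 1723, and any one-to-one mapping of an external IP to an internal one, is reported. The config lines, the 203.0.113.x addresses and the `audit` function are constructed for illustration.

```python
import re

# Intended exposure from the thread: PPTP control channel on TCP 1723.
# GRE (IP protocol 47) carries the tunnel data and has no port, so it is
# permitted by protocol in the router ACL, not by a port forward.
ALLOWED_TCP = {1723}

# Constructed sample in Cisco IOS static NAT syntax; 192.168.1.2 is the
# thread's example server, 203.0.113.x are documentation addresses.
SAMPLE_CONFIG = """\
ip nat inside source static tcp 192.168.1.2 1723 203.0.113.10 1723
ip nat inside source static tcp 192.168.1.2 3389 203.0.113.10 3389
ip nat inside source static tcp 192.168.1.2 80 203.0.113.10 80
ip nat inside source static 192.168.1.3 203.0.113.11
"""

# Port forward: protocol, inside address/port, outside address (or interface)/port.
PORT_FWD = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (?:interface )?(\S+) (\d+)")
# One-to-one mapping: every port on the inside host is reachable from outside
# unless an ACL on the outside interface filters it.
ONE_TO_ONE = re.compile(
    r"^ip nat inside source static (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\s*$")

def audit(config, allowed_tcp=ALLOWED_TCP):
    """Return (external, exposure, internal) for each mapping outside the allowlist."""
    findings = []
    for line in config.splitlines():
        line = line.strip()
        m = PORT_FWD.match(line)
        if m:
            proto, local_ip, _local_port, global_side, global_port = m.groups()
            if proto != "tcp" or int(global_port) not in allowed_tcp:
                findings.append((global_side, f"{proto}/{global_port}", local_ip))
            continue
        m = ONE_TO_ONE.match(line)
        if m:
            findings.append((m.group(2), "all ports (one-to-one NAT)", m.group(1)))
    return findings

if __name__ == "__main__":
    for external, exposure, internal in audit(SAMPLE_CONFIG):
        print(f"REVIEW {external} {exposure} -> {internal}")
```

A one-to-one mapping is not wrong in itself; it is flagged so that the ACL on the outside interface can be confirmed to permit only TCP 1723 and GRE to that address.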