Solved

Server 2003 ent edition Firewall

Posted on 2006-10-25
Last Modified: 2010-08-05
Hi all
I am running a Server 2003 ent edition domain.  I have a few questions about Windows Firewall:
- One of my servers is running a VPN server and has RRAS enabled, and I do not want it to be disabled as it is working as the router for my LAN and external connections.  My firewall at the moment is a Cisco_2811 router.  I tried to enable Windows Firewall on this server and it gives me "windows firewall cannot run because another program or service is running that might use the network address translation component ipnat.sys".  If I have to enable the firewall anywhere else I need help?

- Should I use Windows Firewall on all my servers?  If I enable it on Exchange, users cannot see the logon page in OWA.

- For my other servers which do not run VPN servers, should I enable Windows Firewall?  Is it feasible to use on a Server 2003?  How secure?

Thanks
AM
Question by:amanzoor
4 Comments
 
LVL 3

Expert Comment

by:taylorludwig
ID: 17806239
Is your VPN server set up as a front end server? If not, then your servers are protected from the internet because your Cisco router is acting as a firewall for all of them.

Usually you don't want to run Windows Firewall on a server unless it is a front end server (meaning that it connects directly to the internet and has an external IP address).

Is there a reason you want to enable Windows Firewall?

I would suggest just having your Cisco router be the only device with an external IP address, then forward necessary ports to the dedicated servers, such as 25, 80, 443 to the Exchange server to allow for SMTP, HTTP, and HTTPS.  Then forward the VPN port to your VPN server (can't remember the port number offhand) and then just leave the firewall disabled on all of your servers.

0
 
LVL 4

Author Comment

by:amanzoor
ID: 17806706
taylorludwig:
If I understood it correctly, an external IP has been mapped to the internal IP.  I am using that address for my VPN connection.  If it's not safe, how to make it safe?  Also I am using Terminal Server with it.
- By reading the above it seems like my server is a front end?  How to find out if my server is a front end server?  help plz
- I want to make my server which is running VPN to be secured.  help plz
- IC please help me so that I just map the ports for my VPN server in the ROUTER 2811 and other important services like http, https, etc.
By understanding your comments I am sure my server is mapped directly to one of the external IPs.  I would like to make it more secured by opening just the ports for VPN and other important services.  Also this server is a SharePoint portal server so I need to know its ports also.  Help plz
AM
0
 
LVL 3

Accepted Solution

by:
taylorludwig earned 2000 total points
ID: 17824886
What you need to do is have only your router be assigned the external IP.

Then your server has an address, we will say 192.168.1.2

Then on your router configuration you need to forward the following ports to 192.168.1.2
https: 443
http: 80
terminal services: 3389
vpn: 1723

SharePoint should just work on port 80 unless you have it set up differently.  Also, if you want the admin site to be available to the public, or just you if you are behind the firewall, then you will need to forward whatever port you have for the SharePoint admin to 192.168.1.2 also.

Is your vpn up and running already?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 17826694
taylorludwig:
Thanks for your comments.  I have checked it and I think I am secured, as I have only opened up ports 1723 and GRE on that particular external address.  I tried using RDP externally and it did not work.  That's what I want.  Thanks a lot.
0
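
The external check described in the last comment (RDP must not answer, only PPTP is exposed) can be made repeatable. The following Python audit is an added example, not code from the thread; the policy table reflects the ports named above, and the host argument is an assumption: your own mapped external address, tested from outside the LAN.

```python
import socket
import sys

# Intended exposure, taken from the thread's end state: only PPTP control
# (TCP 1723) answers from outside; HTTP, HTTPS and RDP do not.
# GRE (IP protocol 47) carries the PPTP tunnel data but is not TCP, so a
# connect test cannot confirm it; check it by bringing up a VPN session.
INTENDED = {1723: True, 80: False, 443: False, 3389: False}
NAMES = {1723: "pptp", 80: "http", 443: "https", 3389: "rdp"}


def tcp_open(host, port, timeout=2.0):
    """Return True if a full TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def audit(host, intended=INTENDED, probe=tcp_open):
    """Return (port, expected_open, observed_open) for every policy mismatch."""
    findings = []
    for port, expected in sorted(intended.items()):
        observed = probe(host, port)
        if observed != expected:
            findings.append((port, expected, observed))
    return findings


def describe(finding):
    """Render one mismatch as a line a reviewer can act on."""
    port, expected, observed = finding
    name = NAMES.get(port, "tcp")
    if observed and not expected:
        return f"EXPOSED  {port}/{name}: reachable but should be blocked"
    return f"MISSING  {port}/{name}: blocked but should be reachable"


if __name__ == "__main__":
    # Run from a machine outside the LAN; pass your own mapped external address.
    if len(sys.argv) != 2:
        sys.exit("usage: audit.py <external-address>")
    problems = audit(sys.argv[1])
    for f in problems:
        print(describe(f))
    sys.exit(1 if problems else 0)
```

A non-zero exit status means the router's forwarding or filtering no longer matches the intended policy, which makes the script usable as a scheduled check after router changes.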

Question has a verified solution.