Solved

Server 2003 ent edition Firewall

Posted on 2006-10-25
Last Modified: 2010-08-05
Hi all
I am running a Server 2003 Ent edition domain.  I have a few questions about Windows Firewall:
- One of my servers is running a VPN server and has RRAS enabled, and I do not want it to be disabled as it is working as the router for my LAN and external connections.  My firewall at the moment is a Cisco_2811 router.  I tried to enable Windows Firewall on this server and it gives me "windows firewall cannot run because another program or service is running that might use the network address translation component ipnat.sys".  If I have to enable the firewall anywhere else I need help?

- Should I use Windows Firewall on all my servers?  If I enable it on Exchange, users cannot see the logon page in OWA.

- For my other servers, which do not run VPN servers, should I enable Windows Firewall?  Is it feasible to use on a Server 2003?  How secure?


Thanks
AM
0
Comment
Question by:amanzoor
4 Comments
 
LVL 3

Expert Comment

by:taylorludwig
ID: 17806239
Is your VPN server set up as a front end server? If not, then your servers are protected from the internet because your Cisco router is acting as a firewall for all of them.

Usually you don't want to run Windows Firewall on a server unless it is a front end server (meaning that it connects directly to the internet and has an external IP address).

Is there a reason you want to enable Windows Firewall?

I would suggest just having your Cisco router be the only device with an external IP address, then forward the necessary ports to the dedicated servers, such as 25, 80, 443 to the Exchange server to allow for SMTP, HTTP, and HTTPS.  Then forward the VPN port to your VPN server (can't remember the port number offhand) and then just leave the firewall disabled on all of your servers.

0
 
LVL 4

Author Comment

by:amanzoor
ID: 17806706
taylorludwig:
If I understood it correctly, an external IP has been mapped to the internal IP.  I am using that address for my VPN connection.  If it's not safe, how to make it safe?  Also I am using Terminal Server with it.
- By reading the above it seems like my server is a front end?  How to find out if my server is a front end server?  help plz
- I want to make my server which is running VPN secured.  help plz
- IC please help me so that I just map the ports for my VPN server in the ROUTER 2811 and other important services like http, https, etc.
By understanding your comments I am sure my server is mapped directly to one of the external IPs.  I would like to make it more secured by opening just the ports for VPN and other important services.  Also this server is a SharePoint portal server so I need to know its ports also.  Help plz
AM
0
 
LVL 3

Accepted Solution

by:
taylorludwig earned 500 total points
ID: 17824886
What you need to do is have only your router be assigned the external IP.

Then your server has an address of, we will say, 192.168.1.2

Then on your router configuration you need to forward the following ports to 192.168.1.2:
https: 443
http: 80
terminal services: 3389
vpn: 1723

SharePoint should just work on port 80 unless you have it set up differently.  Also, if you want the admin site to be available to the public, or just to you if you are behind the firewall, then you will need to forward whatever port you have for the SharePoint admin to 192.168.1.2 also.

Is your vpn up and running already?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 17826694
taylorludwig:
Thanks for your comments.  I have checked it and I think I am secured, as I have only opened up ports 1723 and GRE on that particular external address.  I tried using RDP externally and it did not work.  That's what I want.  Thanks a lot.
0
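
An added example, not part of the thread or any participant's post: a Python check that compares the static NAT entries of a Cisco IOS configuration against the intended exposure discussed above (TCP 1723, with GRE handled separately), flagging extra forwards such as RDP and whole-host mappings. The sample configuration, the 203.0.113.x addresses, the interface name and the `audit_nat` helper are constructed for illustration.

```python
import re

# Constructed sample of Cisco IOS static NAT lines (not taken from the thread).
# 192.168.1.2 is the thread's example inside address; 203.0.113.x are
# documentation addresses standing in for the external IPs.
SAMPLE_CONFIG = """\
ip nat inside source static tcp 192.168.1.2 1723 203.0.113.10 1723
ip nat inside source static tcp 192.168.1.2 3389 203.0.113.10 3389
ip nat inside source static tcp 192.168.1.2 443 interface FastEthernet0/0 443
ip nat inside source static 192.168.1.3 203.0.113.11
"""

# Intended exposure: PPTP control channel only. GRE is IP protocol 47 and has
# no port, so it never appears as a port-forward line.
ALLOWED = {("192.168.1.2", "tcp", 1723)}

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
PORT_FORWARD = re.compile(
    rf"^ip nat inside source static (tcp|udp) ({IP}) (\d+) (?:interface \S+|{IP}) (\d+)"
)
ONE_TO_ONE = re.compile(rf"^ip nat inside source static ({IP}) ({IP})\s*$")


def audit_nat(config, allowed):
    """Return (kind, inside_ip, detail) findings for NAT lines outside the allowlist."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = PORT_FORWARD.match(line)
        if m:
            proto, inside, inside_port, outside_port = m.groups()
            if (inside, proto, int(inside_port)) not in allowed:
                findings.append(("unexpected-forward", inside, f"{proto}/{outside_port}"))
            continue
        m = ONE_TO_ONE.match(line)
        if m:
            # Whole-host mapping: every port is reachable unless an inbound
            # ACL on the outside interface filters it.
            findings.append(("full-host-mapping", m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for finding in audit_nat(SAMPLE_CONFIG, ALLOWED):
        print(finding)
```

A whole-host mapping is reported for review rather than as a fault, since an inbound access list on the outside interface can still limit it to TCP 1723 and GRE.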
