Solved

Server 2003 ent edition Firewall

Posted on 2006-10-25
Last Modified: 2010-08-05
Hi all,
I am running a Server 2003 Ent edition domain. I have a few questions about Windows Firewall:

- One of my servers is running a VPN server and has RRAS enabled, and I do not want it to be disabled as it is working as the router for my LAN and external connections. My firewall at the moment is a Cisco_2811 router. I tried to enable Windows Firewall on this server and it gives me "windows firewall cannot run because another program or service is running that might use the network address translation component ipnat.sys". If I have to enable firewall anywhere else I need help?

- Should I use Windows Firewall on all my servers? If I enable it on Exchange, users cannot see the logon page in OWA.

- For my other servers which do not run VPN servers, should I enable Windows Firewall? Is it feasible to use on a Server 2003? How secured?

Thanks
AM
Question by:amanzoor
Expert Comment

by:taylorludwig
ID: 17806239
Is your VPN server set up as a front end server? If not, then your servers are protected from the internet because your Cisco router is acting as a firewall for all of them.

Usually you don't want to run Windows Firewall on a server unless it is a front end server (meaning that it connects directly to the internet and has an external IP address).

Is there a reason you want to enable Windows Firewall?

I would suggest just having your Cisco router be the only device with an external IP address, then forward necessary ports to the dedicated servers, such as 25, 80, 443 to the Exchange server to allow for SMTP, HTTP, and HTTPS. Then forward the VPN port to your VPN server (can't remember the port number offhand) and then just leave the firewall disabled on all of your servers.

Author Comment

by:amanzoor
ID: 17806706
taylorludwig:
If I understood it correctly, an external IP has been mapped to the internal IP. I am using that address for my VPN connection. If it's not safe, how to make it safe? Also I am using Terminal Server with it.

- By reading above it seems like my server is a front end? How to find out if my server is a front end server? help plz
- I want to make my server which is running VPN to be secured. help plz
- IC please help me so that I just map the ports for my VPN server in the ROUTER 2811 and other important services like http, https, etc.

By understanding your comments I am sure my server is mapped directly to one of the external IPs. I would like to make it more secured by opening just the ports for VPN and other important services. Also this server is a SharePoint portal server so I need to know its ports also. Help plz
AM
Accepted Solution

by:taylorludwig (earned 500 total points)
ID: 17824886
What you need to do is have only your router be assigned the external IP.

Then your server has an address, we will say 192.168.1.2.

Then in your router configuration you need to forward the following ports to 192.168.1.2:

- https: 443
- http: 80
- terminal services: 3389
- vpn: 1723

SharePoint should just work on port 80 unless you have it set up differently. Also, if you want the admin site to be available to the public, or just to you if you are behind the firewall, then you will need to forward whatever port you have for the SharePoint admin to 192.168.1.2 also.

Is your VPN up and running already?
Author Comment

by:amanzoor
ID: 17826694
taylorludwig:
Thanks for your comments. I have checked it and I think I am secured, as I have only opened up ports 1723 and GRE on that particular external address. I tried using RDP externally and it did not work. That's what I want. Thanks a lot.
0
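The outside check described in the last comment (PPTP control port reachable, RDP not) can be repeated as a script run from a host outside the router. This is an added example, not part of the thread: `audit_exposure`, `tcp_open`, `demo` and the `probe` parameter are this example's own names, and the demo uses constructed loopback sockets as stand-ins for the external address.

```python
import socket

# TCP ports named in the thread. GRE (IP protocol 47) is not TCP and is not probed here.
THREAD_PORTS = {80: "http", 443: "https", 1723: "pptp-control", 3389: "rdp"}


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout.
    Refused and silently dropped (timed-out) connections both count as closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_exposure(host, expected_open, ports=THREAD_PORTS, probe=tcp_open):
    """Probe each port and compare the result with the intended exposure.
    Returns (unexpected_open, unexpected_closed) as sorted port lists."""
    reachable = {p for p in ports if probe(host, p)}
    expected = set(expected_open)
    return sorted(reachable - expected), sorted(expected - reachable)


def demo():
    """Offline demo: constructed loopback sockets stand in for the external address."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]    # stands in for 1723 (forwarded)
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]     # stands in for 3389 (not forwarded)
    spare.close()                            # nothing listens on this port now
    ports = {open_port: "pptp-control", closed_port: "rdp"}
    try:
        return audit_exposure("127.0.0.1", {open_port}, ports)
    finally:
        listener.close()


if __name__ == "__main__":
    print("unexpected open / unexpected closed:", demo())
```

Against a real deployment, call `audit_exposure(<external address>, {1723})`; any port in the first list is exposed beyond what was intended.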
