Solved

Firewall installation for new servers setup.

Posted on 2006-11-13
Last Modified: 2013-11-16
I'm looking for the best way to protect a brand new server installation.
I'll have 2 web and email servers (Windows or Linux); I have not yet decided.
One Blackberry BES 4.1 server, one Exchange 2003 server and one SQL 2005 server.
And last but not least, one server that will act as a backup server with Blackberry BES 4.1,
Exchange 2003 and SQL 2005.
All this will be hosted on a fiber 100mb ISP.

I'd like to know what kind of firewall to use and if the servers will have internet IPs or private IPs.
Any suggestions about hardware and software will be appreciated.
Question by:reseautica
5 Comments
 
LVL 3

Accepted Solution

by:
bugsaif earned 1000 total points
ID: 17936074
If you're looking to save some money (doesn't appear to be the case) and still want a decent firewall, you might want to look into:
Link - http://www.smoothwall.org/ - Linux based firewall

On the other hand, see if you can get your hands on a couple of Cisco PIX 515E's, or 525's, which will be even better but a bit overkill for your requirements.
Link - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ - The industry standard

And no, the servers don't NEED to have public addresses; they can if you want to give them public addresses. What you'll want to do is set up the servers on an internal LAN with private addresses, and then get an appropriately long public subnet from your ISP and then have the PIX or whatever firewall you choose NAT it to the servers on the inside.

Configuration guides are available all over the web... just google for them or you can ask for help here...

Saif
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17936241
Protection from what to what?
What traffic will you be allowing inbound?
0
 

Author Comment

by:reseautica
ID: 17937615
Thanks "bugsaif" for the answer.

Can you explain a bit more on your answer "get an appropriately long public subnet from your ISP and then have the PIX or whatever firewall you choose NAT it to the servers on the inside"? Maybe direct me to some good website for details.

Here is more on this setup to help you and others understand.

Blackberry server working on port 3101.
Exchange server goes along with Blackberry for activation and mail.
SQL and www are for the database and apps.
We send some jobs to Blackberry handhelds (275). Techs complete them and they are returned.
All this is done using ports 8080 to 8090. Apps must be accessed via the web.
Also looking for a way to have a redundant Exchange 2003 setup.

Thanks all
 
0
 
LVL 3

Expert Comment

by:bugsaif
ID: 17940601
So you say you have 5 servers.

Solution 1: Get 5 public IP addresses from your ISP and assign each IP to a server. Have the firewall NAT (Network Address Translate) them to the internal servers.

Solution 2: Get 2 public IP addresses from your ISP and have your firewall PAT (Port Address Translate) them to the internal server.

NATing - http://en.wikipedia.org/wiki/Network_address_translation
PATing - http://en.wikipedia.org/wiki/Port_address_translation

Getting PIXs, you can set them up for redundancy, and PIXs are the industry standard. I don't know what amount of traffic you will be dealing with, so better consult the Cisco site for device throughputs.

Saif
0
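Added example (not part of the original posts): a small planner for the "Solution 2" PAT layout above, showing that each public IP:port pair can forward to only one internal host. The host names, private addresses, RFC 5737 public addresses and every port other than 3101 and 8080-8090 are assumptions; the rules are rendered as Linux iptables DNAT lines, which is also an assumption about the firewall.

```python
from collections import defaultdict

# Constructed inventory (assumption): names, private addresses and most ports are
# illustrative. Only 3101 and 8080-8090 come from the thread. SQL has no inbound
# ports, so it is never published.
SERVERS = {
    "web-mail-1": ("10.0.0.11", [25, 80]),
    "web-mail-2": ("10.0.0.12", [25, 80]),
    "bes": ("10.0.0.13", [3101]),
    "exchange": ("10.0.0.14", [443]),
    "apps": ("10.0.0.15", list(range(8080, 8091))),
    "sql": ("10.0.0.16", []),
}
PUBLIC_IPS = ["203.0.113.10", "203.0.113.11"]  # RFC 5737 documentation addresses

def plan_pat(servers, public_ips):
    """Return (mappings, unplaced) for static PAT.

    mappings: (public_ip, port, private_ip); unplaced: (server, port) pairs for
    which every public IP already forwards that port to another host.
    """
    used = defaultdict(set)  # public IP -> TCP ports already forwarded
    mappings, unplaced = [], []
    for name, (private_ip, ports) in servers.items():
        # Prefer one public IP for all of a server's ports, else place per port.
        whole = next((p for p in public_ips if not used[p] & set(ports)), None)
        for port in ports:
            pub = whole or next((p for p in public_ips if port not in used[p]), None)
            if pub is None:
                unplaced.append((name, port))
                continue
            used[pub].add(port)
            mappings.append((pub, port, private_ip))
    return mappings, unplaced

def iptables_dnat(mappings):
    """Render the plan as iptables DNAT rules (text only, nothing is applied)."""
    return [
        f"iptables -t nat -A PREROUTING -d {pub} -p tcp --dport {port} "
        f"-j DNAT --to-destination {priv}:{port}"
        for pub, port, priv in mappings
    ]

if __name__ == "__main__":
    plan, conflicts = plan_pat(SERVERS, PUBLIC_IPS)
    print("\n".join(iptables_dnat(plan)))
    print("unplaced:", conflicts)
```

DNAT only translates addresses; the filter policy still has to permit each forwarded port and drop everything else. A non-empty `unplaced` list means the service needs another public IP or a different public port.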
 
LVL 4

Assisted Solution

by:LBACIS
LBACIS earned 1000 total points
ID: 17946271
I have experience/certifications with the following.

WatchGuard
Check Point
PIX Accelerators / Concentrators
SonicWall

And return on investment over the years has been WatchGuard.
It comes with 8 ports so you can also separate your DB from your web farm and create multiple DMZs...
If you need extreme granularity, and I REALLY mean extreme, get a Check Point.


0
