Solved

Firewall installation for new servers setup.

Posted on 2006-11-13
Last Modified: 2013-11-16
I'm looking for the best way to protect a brand new server installation.
I'll have 2 web and email servers (Windows or Linux); I have not yet decided.
One Blackberry BES 4.1 server, one Exchange 2003 server and one SQL 2005 server.
And last but not least, one server that will act as a backup server with Blackberry BES 4.1,
Exchange 2003 and SQL 2005.
All this will be hosted on a fiber 100mb ISP.

I'd like to know what kind of firewall to use and whether the servers will have Internet IPs or private IPs.
Any suggestions about hardware and software will be appreciated.
Question by:reseautica
7 Comments
 
LVL 3

Accepted Solution

by:
bugsaif earned 250 total points
ID: 17936074
If you're looking to save some money (doesn't appear to be the case) and still want a decent firewall, you might want to look into:
Link - http://www.smoothwall.org/ - Linux based firewall

On the other hand, see if you can get your hands on a couple of Cisco PIX 515E's, or 525's, which will be even better but a bit overkill for your requirements.
Link - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ - The industry standard

And no, the servers don't NEED to have public addresses; they can if you want to give them public addresses. What you'll want to do is set up the servers on an internal LAN with private addresses, then get an appropriately long public subnet from your ISP and have the PIX or whatever firewall you choose NAT it to the servers on the inside.

Configuration guides are available all over the web... just google for them or you can ask for help here...

Saif
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17936241
Protection from what to what?
What traffic will you be allowing inbound?
0
 

Author Comment

by:reseautica
ID: 17937615
Thanks "bugsaif" for the answer.

Can you explain a bit more on your answer "get an appropriately long public subnet from your ISP and then have the PIX or whatever firewall you choose NAT it to the servers on the inside". Maybe direct me to some good website for details.

Here is more about this setup to help you and others understand.

Blackberry server working on port 3101.
Exchange server goes along with Blackberry for activation and mail.
SQL and www are for the database and apps.
We send some jobs to Blackberry handhelds (275). Techs complete them and they are returned.
All this is done using ports 8080 to 8090. Apps must be accessed via web.
Also looking for a way to have a redundant Exchange 2003 setup.

Thanks all
 
0
 
LVL 3

Expert Comment

by:bugsaif
ID: 17940601
So you say you have 5 servers.

Solution 1: Get 5 public IP addresses from your ISP and assign each IP to a server. Have the firewall NAT (Network Address Translate) them to the internal servers.

Solution 2: Get 2 public IP addresses from your ISP and have your firewall PAT (Port Address Translate) them to the internal servers.

NATing - http://en.wikipedia.org/wiki/Network_address_translation
PATing - http://en.wikipedia.org/wiki/Port_address_translation

With PIXs you can set them up for redundancy, and PIXs are the industry standard. I don't know what amount of traffic you will be dealing with, so better consult the Cisco site for device throughputs.

Saif
0
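
The NAT and PAT options described in the two answers above, worked through as an added example (not code from the thread). The host names, the private and public addresses, and the choice of which ports are published are assumptions made for illustration.

```python
"""First-fit PAT planner: which public IP forwards which port to which server."""
from collections import namedtuple

Service = namedtuple("Service", "host private_ip proto ports")

# Constructed inventory (assumption): only the two web/email servers publish
# inbound ports; Exchange, SQL and BES stay unpublished on the private LAN.
# Addresses are placeholders (RFC 1918 inside, RFC 5737 outside).
SERVICES = [
    Service("web1", "10.0.0.11", "tcp", "80"),
    Service("web1", "10.0.0.11", "tcp", "25"),
    Service("web1", "10.0.0.11", "tcp", "8080-8090"),
    Service("web2", "10.0.0.12", "tcp", "80"),
    Service("web2", "10.0.0.12", "tcp", "25"),
]
PUBLIC_IPS = ["203.0.113.10", "203.0.113.11"]


def expand(ports):
    """Turn '80' or '8080-8090' into a set of port numbers."""
    lo, _, hi = ports.partition("-")
    return set(range(int(lo), int(hi or lo) + 1))


def plan_pat(services, public_ips):
    """Give each service the first public IP whose ports are still free."""
    used = {ip: set() for ip in public_ips}
    placed, unplaced = [], []
    for svc in services:
        want = {(svc.proto, p) for p in expand(svc.ports)}
        ip = next((i for i in public_ips if not used[i] & want), None)
        if ip is None:
            unplaced.append(svc)  # port already forwarded on every public IP
            continue
        used[ip] |= want
        placed.append((ip, svc))
    return placed, unplaced


def nft_rules(placed):
    """Render nftables-style DNAT rule bodies; anything not listed is not forwarded."""
    return [f"ip daddr {ip} {s.proto} dport {s.ports} dnat to {s.private_ip}"
            for ip, s in placed]


if __name__ == "__main__":
    placed, unplaced = plan_pat(SERVICES, PUBLIC_IPS)
    print("\n".join(nft_rules(placed)))
    print("unplaced:", [(s.host, s.ports) for s in unplaced])
```

Run with a single public IP, web2's ports 80 and 25 come back unplaced, because each public IP can forward a given port to only one inside server.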
 
LVL 4

Assisted Solution

by:LBACIS
LBACIS earned 250 total points
ID: 17946271
I have experience/certifications with the following.

Watchguard
Checkpoint
Pix Accelerators /Concentrators
Sonicwall

And the best return on investment over the years has been WatchGuard.
It comes with 8 ports, so you can also separate your DB from your web farm and create multiple DMZs...
If you need extreme granularity, and I REALLY mean extreme, get a Checkpoint.


0
