Solved

Small Business Server (SBS) 2003 behind a Netgear FVS318 Firewall

Posted on 2006-11-23
Last Modified: 2013-11-16
Hi

I run a small business helping small SMEs improve their business efficiency, largely through relatively simple I.T. measures (line-of-business databases, basic networking etc). As such, although 'I.T. savvy', we are jack-of-all-trades rather than specialists in any particular area.

We run SBS 2003 internally and when I set it up a couple of years ago, I sat the server behind a Netgear FVS318 that we happened to have lying around (itself behind a Draytek 2600VG ADSL router).

This arrangement has worked fine for the last couple of years and I use the Netgear VPN client software to access network facilities when out-and-about, with VPN pass-through enabled on the Draytek to the Netgear.

However, over the last couple of years, we have become increasingly familiar with SBS, both on our own server and on our clients', and really like the possibilities that Remote Web Workplace gives - particularly, the capacity to 'dial in', anywhere, straight from a browser.

The question is quite simple, can SBS Remote Web Workplace co-exist with the existing Netgear VPN ?

We do not currently use ISA and our server only has a single network card. Internally, we use 192.168.0.x addresses.

Before I go off on a long exercise to try and get it working (only to screw up the existing Netgear VPN in the process ?!?), if somebody can advise whether what I want to do is possible - and if so, HOW - then that would be really helpful.

Many thanks in advance,

Horatio_too
Question by:horatio_too
8 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18004702
Absolutely.

There is an existing protocol called RDP (remote desktop protocol) which uses tcp port 3389. To test this on your own system first, set a port forwarding rule for tcp port 3389 on the Draytek to the Netgear. You can also tell it to only accept port 3389 from certain IP addresses if you want to lock it down. On the Netgear, create a port forwarding rule to the IP address of the SBS box.

You say it is SBS2003? Right-click the My Computer icon and choose Properties. Select Remote and make sure the box (Remote Desktop) is checked. By default it will allow Domain Admins to use the service, but if you want other users to do so then use the options tab, although I would suggest you would not want a user to log into a server.

That's about it.....
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18004710
This is a useful link. I know it says sbs 2000 but the concept is the same.
http://www.microsoft.com/technet/prodtechnol/sbs/2000/reskit/sbrk0016.mspx?mfr=true
0
 

Author Comment

by:horatio_too
ID: 18006434
Dear Keith,

Many thanks for taking the time to reply and for the subsequent link.

We are familiar with forwarding Port 3389, but are you sure that that is the ONLY port that we need to forward ?

For full Remote Web Working, we are used to going to http://aaa.bbb.ccc.ddd/remote, where aaa.bbb.ccc.ddd is the static, external IP address of the router behind which the SBS server is sitting.

This then, after domain login, gives access to the SBS machine's remote 'welcome' page, from which users can choose such things as managing server or client desktops, accessing Exchange via OWA, visiting SBS's Sharepoint site etc.

However, we have ONLY ever seen this working on SBS machines (a) with two NICs, running ISA and (b) no hardware firewall running its own VPN as well.

As such, we have seen answers on other forums that suggest that ports INCLUDING 443, 444, 1723, 3389 and 4125 need to be forwarded to the SBS box, for RWW to fully work.

We have also seen a number of posts such as "You will need to disable the VPN services on the router entirely or the 1723 port forward will not work" - hence my post here !

Any comments or guidance would be appreciated - even if it is a simple recommendation to re-post the question in the SBS section of EE !

Thanks once again for your time.

Horatio_too

0

 
LVL 77

Accepted Solution

by:
Rob Williams earned 1000 total points
ID: 18007826
Remote Web Workplace is unique to Small Business Server. As a result many of us are less familiar with it than Remote Desktop. You need to enable port forwarding for it, similar to Keith's instructions, but rather than the standard 3389, it requires ports 443 and 4125 be forwarded to your small business server. Then you can connect with http://aaa.bbb.ccc.ddd/remote
--Rob
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18007863
By the way the above assumes RWW has been enabled on the server. If not:
-On the SBS, under administrative tools open the "Server Management" console. In the console click on Internet and e-mail on the left, and on the page that opens on the right, choose connect to the Internet, even though you may have done this before. The wizard will allow you to add to, or change your present configurations. If you already have an Internet connection you really only need to make one addition, but just verify the current options and click next through the screens. If you only have one network adapter configured, you will be prompted regarding the firewall. One network adapter is fine, click no to viewing documentation, and continue. On the "Web Services configuration" page, if it is not already enabled, check "Allow access to only the following web site services", and check the box for "Remote Web Workplace". If "Allow access to the entire web site from the Internet" is already checked that is fine too, but as a rule I recommend you only enable the services you plan to use. Then just continue through the next options and finish.
-If only administrators are connecting you are done on the server. If others wish to connect, and have access to their own desktop, with their existing permissions, they need to be added to the Remote Web Workplace Users Group, located under "Security Groups", again in the Server Management console, and also have remote desktop enabled on their workstation.

Should you enable other services at the same time, you will need
 port 443 for Outlook web access (80 if not using HTTPS -not recommended)
 port 444 for Sharepoint
0
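An added example, not part of any post in this thread: a small exposure check that compares the ports reachable from outside the LAN against the ports the enabled SBS services need, using the port numbers given in the answers above. The function names, the service keys and the constructed probe result are assumptions made for illustration.

```python
import socket

# Port-to-service map taken from the answers in this thread.
SERVICE_PORTS = {
    "rww": {443, 4125},    # Remote Web Workplace
    "owa": {443},          # Outlook Web Access over HTTPS
    "sharepoint": {444},   # SharePoint site
}
# Every port mentioned in the thread; probing all of them shows what is exposed.
THREAD_PORTS = {80, 443, 444, 1723, 3389, 4125}


def required_ports(enabled_services):
    """Union of the ports the enabled services need forwarded."""
    ports = set()
    for name in enabled_services:
        ports |= SERVICE_PORTS[name]
    return ports


def probe(host, ports, timeout=2.0):
    """Return the subset of ports that accept a TCP connection."""
    reachable = set()
    for port in sorted(ports):
        try:
            with socket.create_connection((host, port), timeout=timeout):
                reachable.add(port)
        except OSError:
            pass  # closed, filtered or timed out: treat as not reachable
    return reachable


def audit(enabled_services, reachable):
    """Compare what is reachable with what the enabled services need."""
    needed = required_ports(enabled_services)
    return {
        "missing": sorted(needed - reachable),     # forward not working
        "unexpected": sorted(reachable - needed),  # exposed without need
    }


if __name__ == "__main__":
    # Constructed probe result: the 3389 test forward was left in place
    # and the 4125 forward was never added.
    print(audit(["rww"], {443, 3389}))
    # Real use, run from a machine outside the LAN (placeholder address):
    # print(audit(["rww"], probe("aaa.bbb.ccc.ddd", THREAD_PORTS)))
```

A "missing" result for 4125 is worth rechecking while an RWW desktop session is being opened, on the assumption (not stated in the thread) that the listener may not be active when idle.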
 

Author Comment

by:horatio_too
ID: 18114121
Keith/RobWill,

Thank you both for the input. Sorry for the delay in accepting the answer and closing the question, but illness and some other family matters intervened.

Horatio_too
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18114613
Thanks Horatio_too.
Hope all is well now with you and your family.
--Rob
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18116985
Welcome. Sorry my link didn't help you.
0


Question has a verified solution.
