Solved

Small Business Server (SBS) 2003 behind a Netgear FVS318 Firewall

Posted on 2006-11-23
Last Modified: 2013-11-16
Hi

I run a small business helping small SMEs improve their business efficiency, largely through relatively simple I.T. measures (line-of-business databases, basic networking etc). As such, although 'I.T. savvy', we are jack-of-all-trades rather than specialists in any particular area.

We run SBS 2003 internally and when I set it up a couple of years ago, I sat the server behind a Netgear FVS318 that we happened to have lying around (itself behind a Draytek 2600VG ADSL router).

This arrangement has worked fine for the last couple of years and I use the Netgear VPN client software to access network facilities when out-and-about, with VPN pass-through enabled on the Draytek to the Netgear.

However, over the last couple of years, we have become increasingly familiar with SBS, both on our own server and on our clients', and really like the possibilities that Remote Web Workplace gives - particularly, the capacity to 'dial in', anywhere, straight from a browser.

The question is quite simple, can SBS Remote Web Workplace co-exist with the existing Netgear VPN ?

We do not currently use ISA and our server only has a single network card. Internally, we use 192.168.0.x addresses.

Before I go off on a long exercise to try and get it working (only to screw up the existing Netgear VPN in the process ?!?), if somebody can advise whether what I want to do is possible - and if so, HOW - then that would be really helpful.

Many thanks in advance,

Horatio_too
0
Question by:horatio_too
8 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18004702
Absolutely.

There is an existing protocol called RDP (remote desktop protocol) which uses tcp port 3389. To test this on your own system first, set a port forwarding rule for tcp port 3389 on the Draytek to the Netgear. You can also tell it to only accept port 3389 from certain IP addresses if you want to lock it down. On the Netgear, create a port forwarding rule to the IP address of the SBS box.

You say it is SBS2003? Right-click the My Computer icon and choose Properties. Select Remote and make sure the box (Remote Desktop) is checked. By default it will allow Domain Admins to use the service, but if you want other users to do so then use the options tab, although I would suggest you would not want a user to log into a server.

That's about it.....
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18004710
This is a useful link. I know it says sbs 2000 but the concept is the same.
http://www.microsoft.com/technet/prodtechnol/sbs/2000/reskit/sbrk0016.mspx?mfr=true
0
 

Author Comment

by:horatio_too
ID: 18006434
Dear Keith,

Many thanks for taking the time to reply and for the subsequent link.

We are familiar with forwarding Port 3389, but are you sure that that is the ONLY port that we need to forward ?

For full Remote Web Working, we are used to going to http://aaa.bbb.ccc.ddd/remote, where aaa.bbb.ccc.ddd is the static, external IP address of the router behind which the SBS server is sitting.

This then, after domain login, gives access to the SBS machine's remote 'welcome' page, from which users can choose such things as managing server or client desktops, accessing Exchange via OWA, visiting SBS's Sharepoint site etc.

However, we have ONLY ever seen this working on SBS machines (a) with two NICs, running ISA and (b) no hardware firewall running its own VPN as well.

As such, we have seen answers on other forums that suggest that ports INCLUDING 443, 444, 1723, 3389 and 4125 need to be forwarded to the SBS box, for RWW to fully work.

We have also seen a number of posts such as "You will need to disable the VPN services on the router entirely or the 1723 port forward will not work" - hence my post here !

Any comments or guidance would be appreciated - even if it is a simple recommendation to re-post the question in the SBS section of EE !

Thanks once again for your time.

Horatio_too

0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 18007826
Remote Web Workplace is unique to Small Business Server. As a result many of us are less familiar with it than Remote Desktop. You need to enable port forwarding for it, similar to Keith's instructions, but rather than the standard 3389, it requires ports 443 and 4125 be forwarded to your small business server. Then you can connect with http://aaa.bbb.ccc.ddd/remote
--Rob
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18007863
By the way the above assumes RWW has been enabled on the server. If not:
-On the SBS, under administrative tools open the "Server Management" console. In the console click on Internet and e-mail on the left, and on the page that opens on the right, choose connect to the Internet, even though you may have done this before. The wizard will allow you to add to, or change your present configurations. If you already have an Internet connection you really only need to make one addition, but just verify the current options and click next through the screens. If you only have one network adapter configured, you will be prompted regarding the firewall. One network adapter is fine, click no to viewing documentation, and continue. On the "Web Services configuration" page, if it is not already enabled, check "Allow access to only the following web site services", and check the box for "Remote Web Workplace". If "Allow access to the entire web site from the Internet" is already checked that is fine too, but as a rule I recommend you only enable the services you plan to use. Then just continue through the next options and finish.
-If only administrators are connecting you are done on the server. If others wish to connect, and have access to their own desktop, with their existing permissions, they need to be added to the Remote Web Workplace Users Group, located under "Security Groups", again in the Server Management console, and also have remote desktop enabled on their workstation.

Should you enable other services at the same time, you will need
 port 443 for Outlook web access (80 if not using HTTPS -not recommended)
 port 444 for Sharepoint
0
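
The port lists given in the answers above, turned into a forward-rule audit. This is an added example, not part of any post in this thread: it maps each service to the ports the posters name, reports forwards that the enabled services do not need, and includes a TCP connect check for your own external address. The function names, the sample forward list and the placeholder address are assumptions made for illustration.

```python
import socket

# Service-to-port mapping exactly as listed by the posters in this thread.
SERVICE_PORTS = {
    "rww": {443, 4125},      # Remote Web Workplace
    "owa": {443},            # Outlook Web Access over HTTPS
    "sharepoint": {444},
    "rdp": {3389},           # direct Remote Desktop, as in the first answer
}

def required_ports(services):
    """Union of TCP ports the enabled services need forwarded to the SBS box."""
    ports = set()
    for name in services:
        ports |= SERVICE_PORTS[name]
    return ports

def audit_forwards(forwarded, services):
    """Compare the configured forwards with what the enabled services need."""
    need = required_ports(services)
    have = set(forwarded)
    return {"missing": sorted(need - have), "unneeded": sorted(have - need)}

def tcp_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe(host, ports, timeout=2.0):
    """Map each port to whether it accepts connections; run from outside the LAN."""
    return {p: tcp_open(host, p, timeout) for p in sorted(ports)}

if __name__ == "__main__":
    # Constructed sample: the RWW pair plus forwards left over from earlier tests.
    forwards = [443, 3389, 4125, 1723]
    print(audit_forwards(forwards, ["rww"]))
    # 192.0.2.10 is a documentation placeholder for your own static external IP.
    # print(probe("192.0.2.10", set(forwards) | required_ports(["rww"])))
```

Forwards reported as unneeded are candidates for removal on both the Draytek and the Netgear, in line with the advice above to enable only the services you plan to use.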
 

Author Comment

by:horatio_too
ID: 18114121
Keith/RobWill,

Thank you both for the input. Sorry for the delay in accepting the answer and closing the question, but illness and some other family matters intervened.

Horatio_too
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18114613
Thanks Horatio_too.
Hope all is well now with you and your family.
--Rob
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18116985
Welcome. Sorry my link didn't help you.
0
