
  • Status: Solved

What does the Cisco 501 exactly protect me from?


I am going to be running an Exchange 2003 server at a remote location, hosted by a Server provider. The only thing this box will be doing is hosting the mail server and the Domain Controller (I know it's not suggested that the DC be on the same box as the Exchange Server, but cost dictates that I do it this way).

The Provider has suggested that I get a firewall from them (Cisco 501). The cost is an additional $150 a month from the provider and I'm wondering if this is something I really need.
Some of the questions I have:

Does this prevent me from getting Mailbombed?
Does this stop Spam?

What would be the main reason for having this device attached to a Mail server?

Thanks very much,

1 Solution
That's the SoHo version of the Cisco PIX; you could pay for one in 5 months instead of renting monthly. It will stop attacks but not someone who keeps sending mail; you'll need some sort of mail filter for that. It won't stop spam either. You may be able to get a plugin for it to do that, but that is a small piece of hardware already, so I would suggest getting a second appliance to take care of the spam. Hope this helps. Here is more info on the 501:

The PIX 501 includes an integrated 4-port Fast Ethernet (10/100) switch and a Fast Ethernet (10/100) interface. Ideal for securing high-speed broadband environments, the Cisco PIX 501 delivers up to 60 Mbps of firewall throughput, 3 Mbps of Triple Data Encryption Standard (3DES) VPN throughput, and 4.5 Mbps of Advanced Encryption Standard-128 (AES) VPN throughput.

To answer your other question about why you would want this in front of the Exchange server:

You should always use some sort of firewalling device; some people prefer software (not me) and some hardware. I would never stick a Microsoft or Unix/Linux email server or web server straight on a live IP. Firewall, firewall, firewall!

It seems a little high for the cost of managing a firewall for just one server.

How is this connected to your network for the use of Exchange and being a DC? The network config would dictate some of what you would need to protect it.

A side note for spam filtering: I have used spamstopshere.com and absolutely have loved the service. Costs less than solutions to manage it locally and they do all the work. It does well enough that my users generally tell me when they get spam. It's that rare.

michaelshavel (Author) commented:
Thanks for all the quick responses.
To mhequipit: You said you would never put a box on a live IP w/o a firewall. I still don't exactly understand why.
What am I being protected from?  What does a firewall device do well and what does it do poorly?

To Dpait: In answer to your question, this server isn't connected to my network; it's at a service provider. The way we will be using it is primarily for OWA (Outlook Web Access). I may need to VPN into the box though. Otherwise I will be using Remote Desktop to manage it.


A firewall is going to allow you to open only the ports you want and need open. It will keep you safe from script kiddies, DDoS, etc.
A firewall will block all unwanted traffic from your server, thus reducing the attack vectors all those unsavory people try to use against our systems. If you just plug the server into the internet with a valid internet IP, it's like inviting everyone in the world to be on the same local network that your server is on.

For this scenario you would only maybe want port 25 for SMTP mail and port 443 open for OWA. Also a port for VPN access of some sort. Anyways, the point being you only have the required ports open for the world to see.

A question for you would be: why are you doing this with your own server? It appears you may not have a significant amount of knowledge about securing your computer and network. It could possibly be a better approach to just pay a service provider to handle all the back end of an OWA system for you. Just a thought....

The Cisco may also be able to give you secure VPN access to the server. You definitely do not want to leave RDP open on the internet to your server.
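As an added example (not part of the original thread), the sketch below compares what a combined DC/Exchange host listens on with the two ports the thread suggests exposing (25 and 443), listing everything else a firewall would have to block. The `netstat -an` text is a constructed sample, the function names are hypothetical, and the VPN port is left out because the thread does not name one.

```python
import re

# Ports the thread suggests exposing: SMTP (25) and HTTPS for OWA (443).
ALLOWED_INBOUND = {25, 443}

# Well-known services commonly found listening on a Windows DC / Exchange host.
KNOWN = {25: "SMTP", 53: "DNS", 80: "HTTP", 88: "Kerberos",
         135: "RPC endpoint mapper", 139: "NetBIOS session", 389: "LDAP",
         443: "HTTPS (OWA)", 445: "SMB", 3389: "Remote Desktop"}

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1045         0.0.0.0:0              LISTENING
  TCP    203.0.113.10:443       198.51.100.7:50211     ESTABLISHED
"""

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def listening_ports(netstat_text):
    """Return TCP ports listening on a non-loopback address."""
    ports = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m and not m.group(1).startswith("127."):
            ports.add(int(m.group(2)))
    return ports

def exposure_report(netstat_text, allowed=ALLOWED_INBOUND):
    """Split listeners into intended public ports and ports a firewall must block."""
    listening = listening_ports(netstat_text)
    return {
        "public": sorted(listening & allowed),
        "must_block": [(p, KNOWN.get(p, "unknown")) for p in sorted(listening - allowed)],
        "allowed_but_closed": sorted(allowed - listening),
    }

if __name__ == "__main__":
    report = exposure_report(SAMPLE_NETSTAT)
    print("Reachable by design:", report["public"])
    for port, name in report["must_block"]:
        print(f"Block at firewall: tcp/{port} ({name})")
```

Every entry under `must_block` is a service that anyone on the internet could reach if the server sat on a live IP with no filtering in front of it.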
