Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 277
  • Last Modified:

Firewall for SBS2003 configured as a public webserver

We have a standalone SBS 2003 SP2 running as a public webserver (IIS 6) with no external or software firewall running. We require to close certain TCP ports, so can anyone suggest the most painfree way to achieve this ? The machine has no clients so NAT/routing is not needed. I strongly prefer not to install ISA if possible, although it's premium SBS so we do have it if really needed.

Thanks...
0
longrob604
Asked:
longrob604
  • 5
  • 5
1 Solution
 
SteveNetwork ManagerCommented:
how is this server connected to th internet ? a router ? a modem ? a switch and then a router ?

the firewall should be setup at your point of entry.. eg.. router.. block all, and only allow the ports through that you require..
0
 
longrob604Author Commented:
It's housed in a secure Data Centre, and they just provide a socket to plug into....
0
 
SteveNetwork ManagerCommented:
then you either need to install a 'dual ethernet' router that you can manage, so you can setup the firewall as above, or you need to install a software firewall on that machine..

there are a hundred different software firewalls available..

ISA (as you've mentioned), zonealarm, blackice etc etc..
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
longrob604Author Commented:
Thanks. A software firewall would be easiest - for one thing it would not need a trip to the data center (I hope). Can you advise on which software firewall could be most appropriate (and particularly easy to set up) given that the only requirement is to close some ports and no need for NAT etc.
0
 
SteveNetwork ManagerCommented:
hmm.. problem you'll have is that if you install a firewall remotely it'll probably lock you out as well as your www clients with a message on the screen asking whether to allow the connections or not..

so you might need a trip in there anyway unless you have iLO or a remote access KVM you can use to control the console..

personally i'd use zonealarm.. but thats just me..
0
 
longrob604Author Commented:
I'm not too worried abou the the WWW clients, but I use remote desktop over SSL 2 - so if I install zonealarm will it lock me out ?
0
 
SteveNetwork ManagerCommented:
yeah it could well lock you out..the default rule is deny all, then allow only what is explicitly allowed.. that goes for all firewall software that im aware of..  i'd be planning a trip to the DC to be sure.. last thing you want is to be locked out..
0
 
SteveNetwork ManagerCommented:
0
 
longrob604Author Commented:
Thanks for your help !
0
 
longrob604Author Commented:
Unfortunately I have been a little hasty in closing this. It seems that zonealarm is not supported on windows server, and although it apparently does work, I'd much rather have a supported solution. Do you have any other software solutions (apart from ISA) for SBS 2003 SP2, again bearing in mind that all I need to do is close some ports ? I checked Blackice/IBM but it seems incredibly expensive.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now