?
Solved

Firewall for SBS2003 configured as a public webserver

Posted on 2009-04-03
10
Medium Priority
?
271 Views
Last Modified: 2012-05-06
We have a standalone SBS 2003 SP2 running as a public webserver (IIS 6) with no external or software firewall running. We require to close certain TCP ports, so can anyone suggest the most painfree way to achieve this ? The machine has no clients so NAT/routing is not needed. I strongly prefer not to install ISA if possible, although it's premium SBS so we do have it if really needed.

Thanks...
0
Comment
Question by:longrob604
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 12

Expert Comment

by:Steve
ID: 24057732
how is this server connected to th internet ? a router ? a modem ? a switch and then a router ?

the firewall should be setup at your point of entry.. eg.. router.. block all, and only allow the ports through that you require..
0
 

Author Comment

by:longrob604
ID: 24057799
It's housed in a secure Data Centre, and they just provide a socket to plug into....
0
 
LVL 12

Expert Comment

by:Steve
ID: 24057817
then you either need to install a 'dual ethernet' router that you can manage, so you can setup the firewall as above, or you need to install a software firewall on that machine..

there are a hundred different software firewalls available..

ISA (as you've mentioned), zonealarm, blackice etc etc..
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:longrob604
ID: 24057901
Thanks. A software firewall would be easiest - for one thing it would not need a trip to the data center (I hope). Can you advise on which software firewall could be most appropriate (and particularly easy to set up) given that the only requirement is to close some ports and no need for NAT etc.
0
 
LVL 12

Expert Comment

by:Steve
ID: 24058014
hmm.. problem you'll have is that if you install a firewall remotely it'll probably lock you out as well as your www clients with a message on the screen asking whether to allow the connections or not..

so you might need a trip in there anyway unless you have iLO or a remote access KVM you can use to control the console..

personally i'd use zonealarm.. but thats just me..
0
 

Author Comment

by:longrob604
ID: 24058146
I'm not too worried abou the the WWW clients, but I use remote desktop over SSL 2 - so if I install zonealarm will it lock me out ?
0
 
LVL 12

Expert Comment

by:Steve
ID: 24058568
yeah it could well lock you out..the default rule is deny all, then allow only what is explicitly allowed.. that goes for all firewall software that im aware of..  i'd be planning a trip to the DC to be sure.. last thing you want is to be locked out..
0
 
LVL 12

Accepted Solution

by:
Steve earned 750 total points
ID: 24058587
0
 

Author Closing Comment

by:longrob604
ID: 31566152
Thanks for your help !
0
 

Author Comment

by:longrob604
ID: 24065230
Unfortunately I have been a little hasty in closing this. It seems that zonealarm is not supported on windows server, and although it apparently does work, I'd much rather have a supported solution. Do you have any other software solutions (apart from ISA) for SBS 2003 SP2, again bearing in mind that all I need to do is close some ports ? I checked Blackice/IBM but it seems incredibly expensive.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses
Course of the Month15 days, left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question