Solved

Firewall for SBS2003 configured as a public webserver

Posted on 2009-04-03
10
262 Views
Last Modified: 2012-05-06
We have a standalone SBS 2003 SP2 running as a public webserver (IIS 6) with no external or software firewall running. We require to close certain TCP ports, so can anyone suggest the most painfree way to achieve this ? The machine has no clients so NAT/routing is not needed. I strongly prefer not to install ISA if possible, although it's premium SBS so we do have it if really needed.

Thanks...
0
Comment
Question by:longrob604
  • 5
  • 5
10 Comments
 
LVL 12

Expert Comment

by:Steve
ID: 24057732
how is this server connected to th internet ? a router ? a modem ? a switch and then a router ?

the firewall should be setup at your point of entry.. eg.. router.. block all, and only allow the ports through that you require..
0
 

Author Comment

by:longrob604
ID: 24057799
It's housed in a secure Data Centre, and they just provide a socket to plug into....
0
 
LVL 12

Expert Comment

by:Steve
ID: 24057817
then you either need to install a 'dual ethernet' router that you can manage, so you can setup the firewall as above, or you need to install a software firewall on that machine..

there are a hundred different software firewalls available..

ISA (as you've mentioned), zonealarm, blackice etc etc..
0
 

Author Comment

by:longrob604
ID: 24057901
Thanks. A software firewall would be easiest - for one thing it would not need a trip to the data center (I hope). Can you advise on which software firewall could be most appropriate (and particularly easy to set up) given that the only requirement is to close some ports and no need for NAT etc.
0
 
LVL 12

Expert Comment

by:Steve
ID: 24058014
hmm.. problem you'll have is that if you install a firewall remotely it'll probably lock you out as well as your www clients with a message on the screen asking whether to allow the connections or not..

so you might need a trip in there anyway unless you have iLO or a remote access KVM you can use to control the console..

personally i'd use zonealarm.. but thats just me..
0
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

 

Author Comment

by:longrob604
ID: 24058146
I'm not too worried abou the the WWW clients, but I use remote desktop over SSL 2 - so if I install zonealarm will it lock me out ?
0
 
LVL 12

Expert Comment

by:Steve
ID: 24058568
yeah it could well lock you out..the default rule is deny all, then allow only what is explicitly allowed.. that goes for all firewall software that im aware of..  i'd be planning a trip to the DC to be sure.. last thing you want is to be locked out..
0
 
LVL 12

Accepted Solution

by:
Steve earned 250 total points
ID: 24058587
0
 

Author Closing Comment

by:longrob604
ID: 31566152
Thanks for your help !
0
 

Author Comment

by:longrob604
ID: 24065230
Unfortunately I have been a little hasty in closing this. It seems that zonealarm is not supported on windows server, and although it apparently does work, I'd much rather have a supported solution. Do you have any other software solutions (apart from ISA) for SBS 2003 SP2, again bearing in mind that all I need to do is close some ports ? I checked Blackice/IBM but it seems incredibly expensive.
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

28 Experts available now in Live!

Get 1:1 Help Now