Windows 2008 server firewall

Hey Guys,

I am setting up a Server 2008 with Exchange 2007.

I only have one machine, but will be running a server in a VM as well.

I need some suggestions on the firewall.

I have worked with ASAs and Linux firewalls as well, like IPCop (extremely easy to manage).

I don't have the budget for an ASA and don't have the environment to set up another machine for IPCop.

So I was looking into the starter models of Netgear firewall / SonicWall.

Netgear also comes with VPN functionality. Can someone explain how that works, as I have never used one of those... also the SonicWall.

RRAS in Server 2008 seems like an idea too, but I am not sure how safe that is.

I also need to be able to allow certain IPs to certain ports only, and the rest of the IPs cannot connect to that port. Not just simple port forwarding.

Thanks

Asked by: Shivtek

B H commented:
You could specify a rule in the Windows Firewall to allow certain IP addresses to access RRAS and block the rest... but you can do that in a Netgear/SonicWall too.

The Netgear/SonicWall would be a little "safer" because it won't rely on Windows passwords, which could become known to outside parties.

With the Netgear, you can have it hardware controlled between 2 Netgears (one at the remote site), or the remote computers can use the Netgear VPN client software to connect to it. Or, if you go with RRAS, each remote computer could have a VPN client connection set up as an icon they would run.

http://kb.netgear.com/app/answers/detail/a_id/970
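The source-address scoping suggested in the comment above, as an added example that is not part of the original thread. It assumes the RRAS VPN is PPTP (TCP 1723 plus GRE, IP protocol 47); the rule names and the addresses (documentation ranges) are constructed placeholders.

```bat
@echo off
rem Added example: limit inbound PPTP on the RRAS server to named sources
rem using Windows Firewall with Advanced Security (netsh advfirewall).
rem ALLOWED is a constructed placeholder list; replace with the real peers.
set ALLOWED=203.0.113.10,198.51.100.0/24

rem Confirm the profiles block unmatched inbound traffic (the default),
rem otherwise scoping an allow rule restricts nothing.
netsh advfirewall show allprofiles firewallpolicy

rem PPTP control channel, reachable only from the listed sources.
netsh advfirewall firewall add rule name="VPN PPTP scoped" dir=in ^
    action=allow protocol=TCP localport=1723 remoteip=%ALLOWED%

rem PPTP data channel (GRE, IP protocol 47), same source scope.
netsh advfirewall firewall add rule name="VPN GRE scoped" dir=in ^
    action=allow protocol=47 remoteip=%ALLOWED%

rem Review what was created, including the RemoteIP scope.
netsh advfirewall firewall show rule name="VPN PPTP scoped" verbose
netsh advfirewall firewall show rule name="VPN GRE scoped" verbose
```

Allow rules are additive: any other enabled inbound rule that permits the same port or protocol from any address still admits everyone, so disable or scope those rules as well.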

Pierre François (Senior consultant) commented:
You can install IPCop as a virtual machine. You give the IP address of the VM running IPCop as default gateway to your server so that all traffic going out of your server passes through IPCop. For the incoming traffic to be firewalled through IPCop, I think you have to put the virtual NIC of IPCop in bridged mode.

Anyway, a Windows server is never secure until the contrary is proven, which hasn't happened yet. Why don't you install a Linux VM server with TWO virtual machines: one running IPCop, and the other one running Windows and Exchange 2007? IPCop can run smoothly inside a VM using only 128 MB RAM.
Shivtek (Author) commented:
I am setting up IPCop on the ESXi server now, and it seems to work fine.

So I have a modem (Internet) and have 2 NIC cards on the machine (physically).

I want to make one of those NIC cards the dedicated Internet interface (red) for IPCop.

And the other NIC card will become the green network for the LAN.

Just wondering how I specify in VMware that NIC card 1 is the Internet...
Shivtek (Author) commented:
Also, I was wondering if there is a similar way, like vmnet 0-9, bridged, etc.
Pierre François (Senior consultant) commented:
IPCop uses the first NIC as green.

To specify that the virtual NIC #2 (red) is the Internet, you have to go to the VMware interface > virtual machine IPCop > network devices and set up that virtual NIC as a bridge to the physical NIC (so: bridged). The virtual NIC #1 (green) can be on a virtual network (e.g. vmnet0). Any virtual machine wanting to access the Internet through IPCop needs to have the IP address of NIC #1 (on green) as gateway.