  • Status: Solved

WINDOWS 2003 NLB \ WINDOWS FIREWALL

I have two 2003 web servers and would like to use them with NLB. Is it possible to use NLB and use the Windows firewall as well?
Asked by: webiis
1 Solution
 
rob_AXSNL Commented:
No, you can't, as the whole NLB network must be protected, as someone could mess up the heartbeat. So, the NLB subnet must be protected by a firewall.
 
webiis (Author) Commented:
Ah! So the NLB cluster IP cannot be a public IP. Must be a private IP with a NAT setup.
 
Greg Hejl (Principal Consultant) Commented:
You can run the heartbeat on a backend subnet or on a management LAN.

NLB can have a public address - MS firewall would need to be carefully set up. Members of the NLB operate their own firewalls.

But any new build should be placed behind a NAT firewall. Best practice.
 
webiis (Author) Commented:
I can set up a backend subnet pretty easily. I am running vSphere. I'm not sure what you mean by "members of nlb operate their own firewalls"?
Do I enable the Windows firewall on each server? Will it block functions of NLB?
 
Greg Hejl (Principal Consultant) Commented:
Set up NLB - look over your domain FW settings for NLB entries - apply public FW to adapter - test NLB.

If you put it behind a NAT FW then you won't have to worry about it.
 
rob_AXSNL Commented:
"Ah! So the NLB cluster IP cannot be a public IP. Must be a private IP with a NAT setup."

Behind a firewall doesn't mean it has to be NAT. You can assign a public IP address to your DMZ and just open up TCP 80 and 443...
 
webiis (Author) Commented:
Greg - do you have an article you can forward me on the setup using the native Windows firewall? Just so I have some kind of guide.
 
Greg Hejl (Principal Consultant) Commented:
Sure thing:

http://technet.microsoft.com/en-us/network/bb545423.aspx

http://blogs.technet.com/b/mempson/archive/2008/02/26/key-firewall-ports-for-windows-server-2008.aspx

This shows both UIs for the firewall:
http://blogs.technet.com/b/sbs/archive/2010/02/18/managing-your-firewalls-with-sbs-2008-and-windows-7.aspx

This talks about replication port usage; there's a good link to IANA port numbers in it.

http://blogs.technet.com/b/askds/archive/2007/08/24/dynamic-client-ports-in-windows-server-2008-and-windows-vista-or-how-i-learned-to-stop-worrying-and-love-the-iana.aspx

The rules in the firewall are very granular and will allow you to open ports just for your subnets and/or public access.

I do not recommend placing the server directly on the internet.  