
Best Firewall For My Uses

Posted on 2012-03-27
Last Modified: 2012-06-27
I am looking for the best/cheapest firewall that will do the following

Create a "service" (i.e. Exchange e-mail uses smtp - tcp/25)

Create rules for packet filtering (i.e. "Exchange service" to accept/forward anything from "External IP address" to destination "local address of server")

Create rules for NAT port forwarding (i.e. "Exchange Service" to forward anything from "external IP address" to destination "Public IP address of server")


We were using a SnapGear/McAfee 560 - it just died on us and now our Exchange email is down. I need a possible temp solution as well as the best fit for what we need.

Any thoughts?
Question by:hdts
14 Comments
 
LVL 20

Expert Comment

by:agonza07
ID: 37772987
Sonicwall has some good firewalls and the interface is very much like you describe.

I think you can demo their interface here:
http://livedemo.sonicwall.com/
0
 
LVL 20

Expert Comment

by:agonza07
ID: 37773004
As for the quick solution, maybe get a small Linksys from a local Best Buy or Office Depot and configure port forwarding to the Exchange server until you have a good firewall in place.
0
 

Author Comment

by:hdts
ID: 37773734
Just got a Netgear. Trying to learn about it now.

Hopefully this will do what I need. Will post an update in a few
0
 

Author Comment

by:hdts
ID: 37773970
Here are the screenshots between a similar SG setup with arbitrary numbers so you can understand how we set those up.

Then there are shots of the new Netgear. Can you guys tell me if this is going to work...seems close to the SG but not quite...can someone point me in the right direction?
[Screenshots: Old Unit; old unit (replacement); old unit (replacement); New Unit; New Unit; New Unit]
0
 
LVL 20

Accepted Solution

by:
agonza07 earned 2000 total points
ID: 37774168
BTW, make sure to always delete your WAN IP address from the screenshots. You never know who's out there....

Kinda hard without seeing the drop-downs. But for the most part should be something like this:

Add an inbound service.
On the Service drop-down you'll need to select TCP port 25 or SMTP
Action: Allow (or whatever option resembles an allow rule)
Schedule: One that is 24x7
Send to LAN server 10.10.10.1
Leave the translate to port number unchecked.

For WAN destination IP, try to leave that as "WAN" and select apply for now.

Then do the same as above, but add these ports...
On the service drop-down you'll need to select port TCP 80 or HTTP
On the service drop-down you'll need to select port TCP 443 or HTTPS
On the service drop-down you'll need to select port TCP 4125

Try that and see if it works.

Here are two things though that you'll need to check on afterwards.

1) The WAN IP - Not sure how many IPs you have or if the IP you currently have on your Netgear is what you had on your old system, so see if you can check out the administration page and verify that. Otherwise, you'll either have to manually change your IP or add additional IPs to your Netgear.

2) Allowed hosts to send mail to you, according to your service profile, is 64.18.0.1 - 64.18.15.254. So I'm guessing you have a third-party being the only ones sending you mail... just did a reverse and looks like Postini... so on the first inbound rule (port 25) make sure to select the WAN users and use the first address 64.18.0.1 as the start and 64.18.15.254 as the finish.
0
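
The inbound rules described in the answer above, modelled as an added example (not part of the original thread and not Netgear's own configuration format). The rule layout, the function names, first-match/default-deny evaluation and the sample connections are assumptions made for illustration; 10.10.10.1 and the 64.18.0.1 - 64.18.15.254 range are the example values quoted in the thread.

```python
import ipaddress

# Inbound rules from the accepted answer. 10.10.10.1 is the example LAN
# address used in the thread; src=None means "any WAN source".
LAN_SERVER = "10.10.10.1"
RULES = [
    {"service": "SMTP", "port": 25, "src": ("64.18.0.1", "64.18.15.254")},
    {"service": "HTTP", "port": 80, "src": None},
    {"service": "HTTPS", "port": 443, "src": None},
    {"service": "TCP-4125", "port": 4125, "src": None},
]

def in_range(addr, start, end):
    """True if addr lies inside the inclusive start..end range."""
    a = ipaddress.ip_address(addr)
    return ipaddress.ip_address(start) <= a <= ipaddress.ip_address(end)

def evaluate(src_ip, dst_port, rules=RULES):
    """Return (action, forward_to) for an inbound TCP connection.

    Assumed model: first matching rule wins, anything unmatched is
    dropped (default deny).
    """
    for rule in rules:
        if rule["port"] != dst_port:
            continue
        if rule["src"] is None or in_range(src_ip, *rule["src"]):
            return ("ALLOW", LAN_SERVER)
    return ("DROP", None)

def range_to_cidrs(start, end):
    """Express a start/finish range as CIDR blocks, for firewalls that
    only accept prefixes instead of a start and finish address."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(start), ipaddress.ip_address(end))
    return [str(n) for n in nets]

if __name__ == "__main__":
    # Constructed test connections: (source IP, destination port).
    for src, port in [("64.18.7.20", 25), ("203.0.113.9", 25),
                      ("203.0.113.9", 443), ("203.0.113.9", 3389)]:
        print(src, port, evaluate(src, port))
    print(range_to_cidrs("64.18.0.1", "64.18.15.254"))
```

The inclusive start/finish range leaves out 64.18.0.0 and 64.18.15.255, so it expands to 22 CIDR blocks rather than a single prefix.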
 

Author Comment

by:hdts
ID: 37774225
Did the inbound rules and still no go.

The only thing I didn't put in anywhere was my public IP address (like I did on the old SG).

Any thoughts on that?

I added the Postini WAN addresses to the Exchange inbound service (aka smtp). The WAN IP is the same as the old unit.
0
 
LVL 20

Expert Comment

by:agonza07
ID: 37774236
You'll need to check the administration page or status page to see what IP address you have.

If it is not the same 199.X.X.X address you had before, try putting that in manually under the network config page.
0
 

Author Comment

by:hdts
ID: 37774248
No, the 199 is not the same - neither is the 10.10.10.1

They are just examples.

I have the firewall local and public addresses in and working (server can access the internet).

Where would I put (or make a new inbound service?) the public IP address other than in the initial network page for the WAN static IP address? Sorry if I'm slow in getting this.
0
 
LVL 20

Expert Comment

by:agonza07
ID: 37774272
The manual entry of the 199 address should be in the "Network Config" tab. Also, if your server has a new IP address, you need to modify the inbound rules and for "Send to LAN Server" you need to input the new address.

I'm sorry too, but I'm not that familiar with NetGear stuff. You may also want to try to call up the NetGear support line. They should be able to walk you through this stuff if you prefer to be on the phone with someone.
0
 

Author Comment

by:hdts
ID: 37774334
Yeah, it's in the network config tab.

Maybe I'll call them tonight. I'll report back.
0
 
LVL 20

Expert Comment

by:agonza07
ID: 37774341
Cool. Keep us posted.
I'll help as much as possible, but since I don't have a Netgear lying around, I'll just need some screenshots.
0
 

Author Comment

by:hdts
ID: 37774890
Started completely over with IT support for Netgear and 2 hours later I am in the exact same spot with the rules you explained and still nothing coming in.

Trying a firmware update now
0
 
LVL 20

Expert Comment

by:agonza07
ID: 37774903
Did you verify your external IP? What is your new server IP?
0
 

Author Comment

by:hdts
ID: 37775028
Yep.

Firmware update solved everything!

Thanks for the info!
0

Question has a verified solution.