Windows Server internet routing planning advice needed

Hi fellow experts,

I have got three internet connections, two normal DSL routers and one with a subnet of 5 public static IP addresses. There are several servers on my internal LAN offering web and mail services, as well as clients surfing the 'net etc.

Now instead of buying a router with 3 WAN ports and the ability to route entire public subnets I'm thinking about using a Windows server (2008 installed and running, 2012 R2 license available if needed) as a router.

Is that a good idea, also with respect to security/firewall? Can this also handle failover as well as prioritization (e.g. SMTP traffic always using one WAN port, while outgoing surfing uses another)? And how about the incoming traffic?

Thanks for your thoughts,
Tom
StaudteAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
SteveConnect With a Mentor Commented:
Firstly, yes you can use server as a router/firewall. The RRAS service can handle most routing but you'd need something like ISA server (now called Forefront TMG) to achieve all of what you are looking for.
I wouldn't recommend considering this if the server you consider using is already used for anything else. Best to dedicate it to the firewall/router role if possible.

For the cost, you might as well buy a good firewall and do it properly. Watchguards, Ciscos and even some Drayteks can achieve most or all of what you want.
0
 
CoralonConnect With a Mentor Commented:
You'd probably be better off using a stripped down Linux machine to be your firewall/WAN router.  Smoothwall is an excellent choice to do this.  

Windows security has vastly improved over the years, but a hardened linux package is still more secure.

Coralon
0
 
StaudteAuthor Commented:
Thanks to both of you - your inputs where very useful.

@Totallytonto: I would have proceeded along the Forefront TMG route, had the product not been discontinued by Microsoft without replacement... I have now ordered a Watchguard XTM 25 box, which appears to do what I want.

@Coralon: Thanks a lot for the hint "smoothwall". I've picked up the string there and done a bit of research on hardened Linux systems, starting with smoothwall. All free version have some drawbacks, usually lack of functionality (smoothwall express does not support multiple external IPs, for example) or lack of frequent and automatic updates. All this is available in the commercial twins of such products, but the price tag of these is even higher than a dedicated Watchguard box, so I've  rather purchased such a box.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.