Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Windows Server internet routing planning advice needed

Posted on 2014-04-02
3
Medium Priority
?
252 Views
Last Modified: 2014-04-04
Hi fellow experts,

I have got three internet connections, two normal DSL routers and one with a subnet of 5 public static IP addresses. There are several servers on my internal LAN offering web and mail services, as well as clients surfing the 'net etc.

Now instead of buying a router with 3 WAN ports and the ability to route entire public subnets I'm thinking about using a Windows server (2008 installed and running, 2012 R2 license available if needed) as a router.

Is that a good idea, also with respect to security/firewall? Can this also handle failover as well as prioritization (e.g. SMTP traffic always using one WAN port, while outgoing surfing uses another)? And how about the incoming traffic?

Thanks for your thoughts,
Tom
0
Comment
Question by:Staudte
3 Comments
 
LVL 27

Accepted Solution

by:
Steve earned 1000 total points
ID: 39974854
Firstly, yes you can use server as a router/firewall. The RRAS service can handle most routing but you'd need something like ISA server (now called Forefront TMG) to achieve all of what you are looking for.
I wouldn't recommend considering this if the server you consider using is already used for anything else. Best to dedicate it to the firewall/router role if possible.

For the cost, you might as well buy a good firewall and do it properly. Watchguards, Ciscos and even some Drayteks can achieve most or all of what you want.
0
 
LVL 25

Assisted Solution

by:Coralon
Coralon earned 1000 total points
ID: 39977167
You'd probably be better off using a stripped down Linux machine to be your firewall/WAN router.  Smoothwall is an excellent choice to do this.  

Windows security has vastly improved over the years, but a hardened linux package is still more secure.

Coralon
0
 

Author Closing Comment

by:Staudte
ID: 39978135
Thanks to both of you - your inputs where very useful.

@Totallytonto: I would have proceeded along the Forefront TMG route, had the product not been discontinued by Microsoft without replacement... I have now ordered a Watchguard XTM 25 box, which appears to do what I want.

@Coralon: Thanks a lot for the hint "smoothwall". I've picked up the string there and done a bit of research on hardened Linux systems, starting with smoothwall. All free version have some drawbacks, usually lack of functionality (smoothwall express does not support multiple external IPs, for example) or lack of frequent and automatic updates. All this is available in the commercial twins of such products, but the price tag of these is even higher than a dedicated Watchguard box, so I've  rather purchased such a box.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
An article on effective troubleshooting
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question