Solved

Windows Server internet routing planning advice needed

Posted on 2014-04-02
Last Modified: 2014-04-04
Hi fellow experts,

I have got three internet connections, two normal DSL routers and one with a subnet of 5 public static IP addresses. There are several servers on my internal LAN offering web and mail services, as well as clients surfing the 'net etc.

Now instead of buying a router with 3 WAN ports and the ability to route entire public subnets I'm thinking about using a Windows server (2008 installed and running, 2012 R2 license available if needed) as a router.

Is that a good idea, also with respect to security/firewall? Can this also handle failover as well as prioritization (e.g. SMTP traffic always using one WAN port, while outgoing surfing uses another)? And how about the incoming traffic?

Thanks for your thoughts,
Tom
Question by:Staudte
3 Comments
 
LVL 27

Accepted Solution

by:
Steve earned 250 total points
ID: 39974854
Firstly, yes, you can use a server as a router/firewall. The RRAS service can handle most routing, but you'd need something like ISA Server (now called Forefront TMG) to achieve all of what you are looking for.
I wouldn't recommend considering this if the server you consider using is already used for anything else. Best to dedicate it to the firewall/router role if possible.

For the cost, you might as well buy a good firewall and do it properly. Watchguards, Ciscos and even some Drayteks can achieve most or all of what you want.
 
LVL 25

Assisted Solution

by:Coralon
Coralon earned 250 total points
ID: 39977167
You'd probably be better off using a stripped down Linux machine to be your firewall/WAN router. Smoothwall is an excellent choice to do this.

Windows security has vastly improved over the years, but a hardened Linux package is still more secure.

Coralon
 

Author Closing Comment

by:Staudte
ID: 39978135
Thanks to both of you - your inputs were very useful.

@Totallytonto: I would have proceeded along the Forefront TMG route, had the product not been discontinued by Microsoft without replacement... I have now ordered a Watchguard XTM 25 box, which appears to do what I want.

@Coralon: Thanks a lot for the hint "smoothwall". I've picked up the string there and done a bit of research on hardened Linux systems, starting with smoothwall. All free versions have some drawbacks, usually lack of functionality (smoothwall express does not support multiple external IPs, for example) or lack of frequent and automatic updates. All this is available in the commercial twins of such products, but the price tag of these is even higher than a dedicated Watchguard box, so I've rather purchased such a box.
