Solved

Windows Server internet routing planning advice needed

Posted on 2014-04-02
3
250 Views
Last Modified: 2014-04-04
Hi fellow experts,

I have got three internet connections, two normal DSL routers and one with a subnet of 5 public static IP addresses. There are several servers on my internal LAN offering web and mail services, as well as clients surfing the 'net etc.

Now instead of buying a router with 3 WAN ports and the ability to route entire public subnets I'm thinking about using a Windows server (2008 installed and running, 2012 R2 license available if needed) as a router.

Is that a good idea, also with respect to security/firewall? Can this also handle failover as well as prioritization (e.g. SMTP traffic always using one WAN port, while outgoing surfing uses another)? And how about the incoming traffic?

Thanks for your thoughts,
Tom
0
Comment
Question by:Staudte
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 27

Accepted Solution

by:
Steve earned 250 total points
ID: 39974854
Firstly, yes you can use server as a router/firewall. The RRAS service can handle most routing but you'd need something like ISA server (now called Forefront TMG) to achieve all of what you are looking for.
I wouldn't recommend considering this if the server you consider using is already used for anything else. Best to dedicate it to the firewall/router role if possible.

For the cost, you might as well buy a good firewall and do it properly. Watchguards, Ciscos and even some Drayteks can achieve most or all of what you want.
0
 
LVL 25

Assisted Solution

by:Coralon
Coralon earned 250 total points
ID: 39977167
You'd probably be better off using a stripped down Linux machine to be your firewall/WAN router.  Smoothwall is an excellent choice to do this.  

Windows security has vastly improved over the years, but a hardened linux package is still more secure.

Coralon
0
 

Author Closing Comment

by:Staudte
ID: 39978135
Thanks to both of you - your inputs where very useful.

@Totallytonto: I would have proceeded along the Forefront TMG route, had the product not been discontinued by Microsoft without replacement... I have now ordered a Watchguard XTM 25 box, which appears to do what I want.

@Coralon: Thanks a lot for the hint "smoothwall". I've picked up the string there and done a bit of research on hardened Linux systems, starting with smoothwall. All free version have some drawbacks, usually lack of functionality (smoothwall express does not support multiple external IPs, for example) or lack of frequent and automatic updates. All this is available in the commercial twins of such products, but the price tag of these is even higher than a dedicated Watchguard box, so I've  rather purchased such a box.
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Know what services you can and cannot, should and should not combine on your server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question