Solved

Windows Server internet routing planning advice needed

Posted on 2014-04-02
Last Modified: 2014-04-04
Hi fellow experts,

I have got three internet connections, two normal DSL routers and one with a subnet of 5 public static IP addresses. There are several servers on my internal LAN offering web and mail services, as well as clients surfing the 'net etc.

Now instead of buying a router with 3 WAN ports and the ability to route entire public subnets I'm thinking about using a Windows server (2008 installed and running, 2012 R2 license available if needed) as a router.

Is that a good idea, also with respect to security/firewall? Can this also handle failover as well as prioritization (e.g. SMTP traffic always using one WAN port, while outgoing surfing uses another)? And how about the incoming traffic?

Thanks for your thoughts,
Tom
Question by:Staudte

Accepted Solution

by:
Steve earned 250 total points
ID: 39974854
Firstly, yes you can use a server as a router/firewall. The RRAS service can handle most routing but you'd need something like ISA server (now called Forefront TMG) to achieve all of what you are looking for.
I wouldn't recommend considering this if the server you consider using is already used for anything else. Best to dedicate it to the firewall/router role if possible.

For the cost, you might as well buy a good firewall and do it properly. Watchguards, Ciscos and even some Drayteks can achieve most or all of what you want.

Assisted Solution

by:Coralon
Coralon earned 250 total points
ID: 39977167
You'd probably be better off using a stripped down Linux machine to be your firewall/WAN router. Smoothwall is an excellent choice to do this.

Windows security has vastly improved over the years, but a hardened Linux package is still more secure.

Coralon

Author Closing Comment

by:Staudte
ID: 39978135
Thanks to both of you - your inputs were very useful.

@Totallytonto: I would have proceeded along the Forefront TMG route, had the product not been discontinued by Microsoft without replacement... I have now ordered a Watchguard XTM 25 box, which appears to do what I want.

@Coralon: Thanks a lot for the hint "smoothwall". I've picked up the string there and done a bit of research on hardened Linux systems, starting with smoothwall. All free versions have some drawbacks, usually lack of functionality (smoothwall express does not support multiple external IPs, for example) or lack of frequent and automatic updates. All this is available in the commercial twins of such products, but the price tag of these is even higher than a dedicated Watchguard box, so I've rather purchased such a box.