Information

I have a Win 2000 SB server with 2 nics. I don't have a
hardware firewall, just using SB to provide a software
firewall. If I installed a hardware firewall should I go
to 1 nic? Have to come up with some information as to how
good Microsoft firewall is and if I put in a hardware
firewall do I need 2 nic?

Mariette
Fri Jul 18 16:22:56 CDT 2003

In news:036a01c34d69$b4fed410$a301280a@phx.gbl,
Gordy <ggrant@rfmc.org> wrote:

> I have a Win 2000 SB server with 2 nics. I don't have a
> hardware firewall, just using SB to provide a software
> firewall. If I installed a hardware firewall should I go
> to 1 nic? Have to come up with some information as to how
> good Microsoft firewall is and if I put in a hardware
> firewall do I need 2 nic?

Keep ISA and two Nics. You don't an extra firewall, ISA is just doing fine.

--
Mariette Knap
www.smallbizserver.net

Javier
Fri Jul 18 16:45:38 CDT 2003

Just out of curiosity... what sort of information you about how good ISA
is???

IMHO... it is ok to have a hardware firewall in front of ISA. It is not ok
to have the hardware firewall alone. What you were planning to get a cheap
Linksys firewall or something beefier???

-JG

"Mariette Knap" <mariette@smallbizserver.net> wrote in message
news:OFQNDLXTDHA.1552@TK2MSFTNGP10.phx.gbl...
> In news:036a01c34d69$b4fed410$a301280a@phx.gbl,
> Gordy <ggrant@rfmc.org> wrote:
>
> > I have a Win 2000 SB server with 2 nics. I don't have a
> > hardware firewall, just using SB to provide a software
> > firewall. If I installed a hardware firewall should I go
> > to 1 nic? Have to come up with some information as to how
> > good Microsoft firewall is and if I put in a hardware
> > firewall do I need 2 nic?
>
> Keep ISA and two Nics. You don't an extra firewall, ISA is just doing
fine.
>
> --
> Mariette Knap
> www.smallbizserver.net
>
>

Gizmo
Fri Jul 18 17:18:43 CDT 2003

Hi Gordy

This should be helpful
http://www.smallbizserver.net/sbs2000/network.aspx

Dont lose ISA and keep two nics as Mariette says


"Javier Gomez" <javier_gomez@REMOVE.THIS.engineer.com> wrote in message
news:umwjLXXTDHA.212@TK2MSFTNGP10.phx.gbl...
> Just out of curiosity... what sort of information you about how good ISA
> is???
>
> IMHO... it is ok to have a hardware firewall in front of ISA. It is not ok
> to have the hardware firewall alone. What you were planning to get a cheap
> Linksys firewall or something beefier???
>
> -JG
>
> "Mariette Knap" <mariette@smallbizserver.net> wrote in message
> news:OFQNDLXTDHA.1552@TK2MSFTNGP10.phx.gbl...
> > In news:036a01c34d69$b4fed410$a301280a@phx.gbl,
> > Gordy <ggrant@rfmc.org> wrote:
> >
> > > I have a Win 2000 SB server with 2 nics. I don't have a
> > > hardware firewall, just using SB to provide a software
> > > firewall. If I installed a hardware firewall should I go
> > > to 1 nic? Have to come up with some information as to how
> > > good Microsoft firewall is and if I put in a hardware
> > > firewall do I need 2 nic?
> >
> > Keep ISA and two Nics. You don't an extra firewall, ISA is just doing
> fine.
> >
> > --
> > Mariette Knap
> > www.smallbizserver.net
> >
> >
>
>

Gerry
Fri Jul 18 19:56:32 CDT 2003

Dave,

Seems to me any 'hardware' firewall is actually a software firewall on
proprietary
hardware. The device is built such that all aspects (like ISA) can be
configured/
controlled.

To me (without detailed investigation) one hardware firewall manufacturer
can/will
differentiate themselves from another by how the system runs. One might use a
80386
processor while another might use FPGA's to control the traffic. But in
reality, they're
all software when you come down to it.

Gerry


"Dave Nickason" <gwdibble@frontiernet.net> wrote in message
news:Os7$NtXTDHA.560@TK2MSFTNGP10.phx.gbl...
> I have been looking into this a little recently, including talking to a
> security guy with a local consulting company. A couple of comments: They
> don't consider the Linksys boxes secure at all. This is particularly true
> when you are trying to pick and choose the access you allow (in other words,
> the Linksys might do a good job of blocking everything - mine shows
> "stealth" for everything at grc.com). But when you try to allow some things
> but not others, that's where they don't recommend the Linksys. This is
> logical since the Linksys is a $50 device at the office supply, while some
> of the others are $500 and up.
>
> Some of the boxes I thought of as hardware devices are not - they're
> software firewalls running on dedicated or proprietary hardware.
> Checkpoint, for example, is software.
>
> Some of these devices are complex to configure. For example, the local guy
> recommends a device that's in the price range of some of the common ones
> like Watchguard or Sonicwall (under $800), but they want $1800 to configure
> it. They say that to correctly install and configure a firewall is more
> than one day's work (these guys are reputable and have been around for
> years, but I don't have personal experience with them). People complain
> about ISA's complexity, but it does not appear that anything else worth
> using is any simpler.
>
> I looked at web sites, talked to sales reps, etc. at quite a few firewall
> appliance vendors. I didn't find anything that I thought was any better
> than ISA. Plus, I have it already, so there's little additional investment
> of time or money. I can get good support from this group,
> www.isaserver.org, etc.
>
> If you look on the Microsoft site or google ISA, you'll find that in
> independent reviews and testing, it holds up with just about anything.
>
>
>
>
> "Javier Gomez" <javier_gomez@REMOVE.THIS.engineer.com> wrote in message
> news:umwjLXXTDHA.212@TK2MSFTNGP10.phx.gbl...
> > Just out of curiosity... what sort of information you about how good ISA
> > is???
> >
> > IMHO... it is ok to have a hardware firewall in front of ISA. It is not ok
> > to have the hardware firewall alone. What you were planning to get a cheap
> > Linksys firewall or something beefier???
> >
> > -JG
> >
> > "Mariette Knap" <mariette@smallbizserver.net> wrote in message
> > news:OFQNDLXTDHA.1552@TK2MSFTNGP10.phx.gbl...
> > > In news:036a01c34d69$b4fed410$a301280a@phx.gbl,
> > > Gordy <ggrant@rfmc.org> wrote:
> > >
> > > > I have a Win 2000 SB server with 2 nics. I don't have a
> > > > hardware firewall, just using SB to provide a software
> > > > firewall. If I installed a hardware firewall should I go
> > > > to 1 nic? Have to come up with some information as to how
> > > > good Microsoft firewall is and if I put in a hardware
> > > > firewall do I need 2 nic?
> > >
> > > Keep ISA and two Nics. You don't an extra firewall, ISA is just doing
> > fine.
> > >
> > > --
> > > Mariette Knap
> > > www.smallbizserver.net
> > >
> > >
> >
> >
>
>

chris
Fri Jul 18 21:30:16 CDT 2003

There are good reasons for using more than one firewall.
One of which is to create a DMZ. In my case, I'm tired of
playing games with my web hosting provider, so I'm
considering hosting my own webserver. Although SBS CAN do
this, I don't want the extra load, or public users on the
box. So, I plan to put Linksys VPN Router as the border
(internet) firewall. This firewall will allow traffic
into the DMZ to the webserver. I'll then use ISA as my
internal firewall (LAN to the DMZ). All I need is an
extra switch for the DMZ network.

Yes this will make things more challenging, but that's
how you learn, and I'm not scaird. And yes, currently my
DC (SBS2K) IS hanging on the internet with ISA watching
the gate - two nics.

Bottom line - ISA is a great firewall. But that doesn't
mean that there are not good reasons for using two
firewalls.

Chris


>-----Original Message-----
>Hi Gordy
>
>This should be helpful
>http://www.smallbizserver.net/sbs2000/network.aspx
>
>Dont lose ISA and keep two nics as Mariette says
>
>
>"Javier Gomez" <javier_gomez@REMOVE.THIS.engineer.com>
wrote in message
>news:umwjLXXTDHA.212@TK2MSFTNGP10.phx.gbl...
>> Just out of curiosity... what sort of information you
about how good ISA
>> is???
>>
>> IMHO... it is ok to have a hardware firewall in front
of ISA. It is not ok
>> to have the hardware firewall alone. What you were
planning to get a cheap
>> Linksys firewall or something beefier???
>>
>> -JG
>>
>> "Mariette Knap" <mariette@smallbizserver.net> wrote in
message
>> news:OFQNDLXTDHA.1552@TK2MSFTNGP10.phx.gbl...
>> > In news:036a01c34d69$b4fed410$a301280a@phx.gbl,
>> > Gordy <ggrant@rfmc.org> wrote:
>> >
>> > > I have a Win 2000 SB server with 2 nics. I don't
have a
>> > > hardware firewall, just using SB to provide a
software
>> > > firewall. If I installed a hardware firewall
should I go
>> > > to 1 nic? Have to come up with some information as
to how
>> > > good Microsoft firewall is and if I put in a
hardware
>> > > firewall do I need 2 nic?
>> >
>> > Keep ISA and two Nics. You don't an extra firewall,
ISA is just doing
>> fine.
>> >
>> > --
>> > Mariette Knap
>> > www.smallbizserver.net
>> >
>> >
>>
>>
>
>
>.
>

mark
Wed Jul 30 17:23:46 CDT 2003

Wow a lot of good information but here's my 2 cents...

There are no large enterprises that don't have a firewall appliance
infront of their servers. Even using an appliance like WatchGuard's
firewall will allow a DMZ between the ISP and the Public NIC on
SBS2000. This will trap many attacks/viruses etc before they hit the
ISA server. Worthwile indeed.

Linksys are good starter routers to help shield your other ISP static
IP's that route onto your LAN unsing NAT. Here a WatchGuard will
shield all servers through one Internet Gateway which is a must if you
will ever use SSL Certificates with multiple hosted sites on a single
machine with one NIC.

So the short of it is use a professional firewall appliance in front
of the SBS. This will shield. Don't try it with a Linksys though as
it has no intrusion/virus protection.

WatchGuard is at www.watchguard.com. Ciscos PIK is another good
firewall/router that will handle multiple IP
addressing/forwarding/filtering.

Thats a lot of two cents worth.