Re: ICF problems win Win2003
From: S. Pidgorny
Date: Sat, 22 Nov 2003 10:16:07 +1100
It's interesting to know why your ISP reckons you need another firewall.
Have they actually proven that your Netgear has a vulnerability that opens
your network to attack, or they just know your requirements better than you?
Anyway, you have so many options: you can implement something Linux/BSD
based on cheap PC hardware - iptables/Netfilter for purists, or
free/inexpensive stuff like Openwall or Smoothwall; you can use inexpensive
yet fully featured firewall appliances, or you can install a firewall like
Microsoft ISA Server on your Windows server. I use the latter, but it's up
to you to decide. Again, don't take your ISP's word about your Netgear as
authoritative - ask questions.
More info in the FAQ:
--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"Vincent Haakmat" <firstname.lastname@example.org> wrote in message
news:#57cXyDsDHA.2360@TK2MSFTNGP09.phx.gbl...
> Ok... makes sense... We have a firewall from Netgear, but according to my
> ISP, I need to get a better one. They recommended CISCO, but it is too
> expensive for our business (only 50 PCs).
> Can anyone recommend something better that won't break our wallet?
> Thanks
>
> Vincent
>
> "David Wang [Msft]" <email@example.com> wrote in message
> news:uY0OHGBsDHA.1196@TK2MSFTNGP12.phx.gbl...
> > If this server is multi-homed, then just enable ICF on the Public NIC and
> > not on the Private NIC
> >
> > If this server has only one NIC and both the server and LAN are not behind a
> > firewall from the Router/Gateway, what you are trying to do is pretty
> > insecure and defeats running a firewall on the server.
> >
> > There are two general topologies that you can consider for small-time
> > servers.
> > 1. The server is dual-homed (i.e. "Gateway") on the broadband connection and
> > LAN, with a firewall running either on the server's external NIC or on any
> > local router-device upstream from the web server
> > 2. The web server is an internal LAN server, and the Gateway must have logic
> > to either forward requests based on ports, host header, or IP address to and
> > from this internal LAN server
> >
> > Both topologies allow unrestricted access by your LAN clients to the LAN
> > server's interface, and highly restricted external access to your server's
> > public interface.
> >
> > --
> > //David
> > IIS
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> > //
> > "Vincent Haakmat " <firstname.lastname@example.org> wrote in message
> > news:ewIqSrrrDHA.560@TK2MSFTNGP11.phx.gbl...
> > I have an exchange server 2003 running on my win2003 server. Because it is
> > directly connected to the net I wanted to use ICF.
> > But if I do, the other
> > computers on the LAN can't connect to it. Which ports (UDP-IP) do I need to
> > enable so that they can still access normal file and print services from it?