Xavier
Can't get enough of FH
- Joined
- Dec 22, 2003
- Messages
- 1,542
Afternoon all,
Thought I'd pose a techie question for once...
I've been asked by a friend to recommend a software firewall solution to run on a Windows Server 2003 based machine. They're migrating from a Symmetric NAT firewall on their router as it stops IPv6 communication and instead want an app they can deploy on their windows server, which is also functioning as gateway to the network.
The machine is functioning as a domain controller, runs Exchange 2003 and SQL 2000 as well as Terminal Services, IIS and a couple of game servers.
Because it's a "PDC" (or as close as you get to one in an FSMO AD) things such as Symantec Enterprise Firewall are a complete no-no, as is any Zone Alarm product - neither will allow themselves to be installed on a domain controller.
OutPost Pro 2.1 is a non-starter too, while it installs on Server 2003 it can't be administered over Terminal Services properly because of gh3y limitations in the way it was written.
Ideally he's after a stateful firewall with port-based rules, rather than anything tied to application behavior and whatnot. My fave solution - ISA server won't work here as they don't have a dedicated box from which to run the firewallage and don't want to add another layer of NAT, which will again cock up IPV6 tunneling.
So, is anyone aware of any software firewalls which might do the job? Preferrably ones you've seen running in a W2k3/AD environment, sitting on top of ICS or R/RA. Currently the only thing they've found which works on an admin level is the ICS firewall - but we all know why you don't want a box running something that simple sat on the 'edge', especially if it's running IIS and whatnot.
Thought I'd pose a techie question for once...
I've been asked by a friend to recommend a software firewall solution to run on a Windows Server 2003 based machine. They're migrating from a Symmetric NAT firewall on their router as it stops IPv6 communication and instead want an app they can deploy on their windows server, which is also functioning as gateway to the network.
The machine is functioning as a domain controller, runs Exchange 2003 and SQL 2000 as well as Terminal Services, IIS and a couple of game servers.
Because it's a "PDC" (or as close as you get to one in an FSMO AD) things such as Symantec Enterprise Firewall are a complete no-no, as is any Zone Alarm product - neither will allow themselves to be installed on a domain controller.
OutPost Pro 2.1 is a non-starter too, while it installs on Server 2003 it can't be administered over Terminal Services properly because of gh3y limitations in the way it was written.
Ideally he's after a stateful firewall with port-based rules, rather than anything tied to application behavior and whatnot. My fave solution - ISA server won't work here as they don't have a dedicated box from which to run the firewallage and don't want to add another layer of NAT, which will again cock up IPV6 tunneling.
So, is anyone aware of any software firewalls which might do the job? Preferrably ones you've seen running in a W2k3/AD environment, sitting on top of ICS or R/RA. Currently the only thing they've found which works on an admin level is the ICS firewall - but we all know why you don't want a box running something that simple sat on the 'edge', especially if it's running IIS and whatnot.
. Just a suggestion for something to look at if you need a bit more hand-holding (no worries about getting hardware that's up to the job, pre-install done, no doubt some nice GUI/web config tools...).
