Firewall?

[sumnone]

I'm looking for an application Firewall for Windows 2003 Server with the following criteria:

1) Windows 2003 compatible.
2) Installs as a service.
3) Supports multiple IP Addresses (this is the reason I can't use the inherent Windows firewall)
4) Doesn't cost a fortune.

I mainly concerned with port blocking, but anything extra is definitely welcome.

Thanks for any suggestions.

 

[Roadki11]

How about putting a $50 linksys or d-link router in front of it?

RoadKi11

 

[ArizonaGeek]

I agree with Roadki11 (in principal) ... a hardware firewall is going to give you an extra level of protection. There are virus' out there that can disable software firewalls. A real firewall will give you intrusion detection and give you a ton of extra security. A Netgear FVS114 or a fvs318 (4 port and 8 port) firewall are true hardware firewalls that cost less than $75. Not as good as a $2500 firewall but should get the job done for a small network.

Cheers
Rob

 

[sumnone]

Thanks for your responses. That is what I would prefer to do and I have considered that. However, I pay for space at a co-location facility (per U). So even though the device is inexpensive up front, I believe it would incur more monthly fees (forever). Although, I haven't asked them, so maybe I will do so. Of course that also means I have to take a trip down there to set it up which I would prefer not to do. That's my lazy talking. Eventually, I'll get there.

I've used application firewalls in the past that seem to work well. For instance, BlackIce worked well but is somewhat pricey. Plus, I've seen many negative reviews on the newer versions of BlackIce. I was considering Tiny, but they sold out to CA. (I view CA products as overpriced junk (from experience).) I tried Softperfect and others that don't install as a service. And more...

Anyway, I just thought I'd throw it out there and see what I get back. I will continue to research and welcome any other responses.

Thanks again for your responses.

 

[grumpyoldtechs]

You could configure the built in IPSEC features of Windows Server 2003. All windows firewall is a graphical front end for this. It costs you nothing to configure the firewall in more depth and you do it from an MMC.

There is a indepth manual on Microsoft technet

http://technet2.microsoft.com/Windo...435b-45f7-9f5c-1cb77b7a6a391033.mspx?mfr=true

Also there is a few guides on search engines. Here is one for 2000 but it's very similar.

http://homepages.wmich.edu/~mchugha/w2kfirewall.htm

What I recommend is that you define your basic port filtering rules in Windows firewall and then duplicate/ edit these for a 2nd, 3rd, 4th network interface.

If all you want to do is block ports and have some control over ICMP communications then this is all you need and it requires no further investment.

Rob
Grumpy by name, helpful by nature

http://www.grumpyoldtechs.co.uk

 

[sumnone]

Thanks for reply and links, I'll give 'em a read...

I would be fine with the functionality of the inherent firewall. However, I have one other thread here:

http://www.tek-tips.com/viewthread.cfm?qid=957474&page=1

It describes the limitation I'm running into in more detail. I wrote it in 2004 and got 0 replies. At the time I couldn't open the same port, across multiple IPs, on a single NIC. In other words, my server has one active NIC with 10 IP Addresses bound to it and I'm trying to open port 80 across all of those IPs. Windows Firewall would only allow me to open port 80 on one IP. I was using the GUI.

I would be ecstatic if I was wrong or something has changed since then. Please let me know otherwise.