Click here to get back home

Is Windows 2003 firewall safe?
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Is Windows 2003 firewall safe? Gaspar 03-23-2006
Posted by Gaspar on March 23, 2006, 8:28 am
Please log in for more thread options
 I want to setup Windows 2003 + Exchange 2003 server with to network
adapters: one for the intranet, and the other for the internet.

Is it safe to use Windows 2003 built-it firewall on the external adapter to
block everything but mail and dns ports (53, 25, 110, etc)? If not, can I
install ISA 2004 firewall to protect it (i.e is Exchange 2003 compatible
with ISA in the same machine?)

Ideally it would be better to have an external firewall but I can't afford
it ($$$).

Thanks!



Posted by Roger Abell [MVP] on March 23, 2006, 10:18 am
Please log in for more thread options
 Layers are nice, but you rule that out in final comment.
It is always best to not place critical infrastructure right
on the edge / external network.

The ISA version you mention is dated.

The W2k3 firewall is good at what it does and it will cause all
inbound traffic to the external interface to be dropped except
for what you state to allow, if you configure it correctly.
In your case I would use both the firewall and IPsec in a
filtering isolation mode.

>I want to setup Windows 2003 + Exchange 2003 server with to network
>adapters: one for the intranet, and the other for the internet.
>
> Is it safe to use Windows 2003 built-it firewall on the external adapter
> to block everything but mail and dns ports (53, 25, 110, etc)? If not, can
> I install ISA 2004 firewall to protect it (i.e is Exchange 2003 compatible
> with ISA in the same machine?)
>
> Ideally it would be better to have an external firewall but I can't afford
> it ($$$).
>
> Thanks!
>



Posted by Gaspar on March 23, 2006, 12:47 pm
Please log in for more thread options
What do you mean by "The ISA version you mention is dated"?

Thanks again.
Gaspar

> Layers are nice, but you rule that out in final comment.
> It is always best to not place critical infrastructure right
> on the edge / external network.
>
> The ISA version you mention is dated.
>
> The W2k3 firewall is good at what it does and it will cause all
> inbound traffic to the external interface to be dropped except
> for what you state to allow, if you configure it correctly.
> In your case I would use both the firewall and IPsec in a
> filtering isolation mode.
>
>>I want to setup Windows 2003 + Exchange 2003 server with to network
>>adapters: one for the intranet, and the other for the internet.
>>
>> Is it safe to use Windows 2003 built-it firewall on the external adapter
>> to block everything but mail and dns ports (53, 25, 110, etc)? If not,
>> can I install ISA 2004 firewall to protect it (i.e is Exchange 2003
>> compatible with ISA in the same machine?)
>>
>> Ideally it would be better to have an external firewall but I can't
>> afford it ($$$).
>>
>> Thanks!
>>
>
>



Posted by Roger Abell [MVP] on March 24, 2006, 12:04 am
Please log in for more thread options
My bad, I forgot ISA06 beta has not quite ended.

> What do you mean by "The ISA version you mention is dated"?
>
> Thanks again.
> Gaspar
>
>> Layers are nice, but you rule that out in final comment.
>> It is always best to not place critical infrastructure right
>> on the edge / external network.
>>
>> The ISA version you mention is dated.
>>
>> The W2k3 firewall is good at what it does and it will cause all
>> inbound traffic to the external interface to be dropped except
>> for what you state to allow, if you configure it correctly.
>> In your case I would use both the firewall and IPsec in a
>> filtering isolation mode.
>>
>>>I want to setup Windows 2003 + Exchange 2003 server with to network
>>>adapters: one for the intranet, and the other for the internet.
>>>
>>> Is it safe to use Windows 2003 built-it firewall on the external adapter
>>> to block everything but mail and dns ports (53, 25, 110, etc)? If not,
>>> can I install ISA 2004 firewall to protect it (i.e is Exchange 2003
>>> compatible with ISA in the same machine?)
>>>
>>> Ideally it would be better to have an external firewall but I can't
>>> afford it ($$$).
>>>
>>> Thanks!
>>>
>>
>>
>
>



Posted by Steven L Umbach on March 23, 2006, 1:08 pm
Please log in for more thread options
The Windows Firewall does a great job at what it is supposed to do if it is
configured correctly and working. The problem I have with host/software
firewalls is that they can fail [software conflict, etc] or even be disabled
by malware. I am not saying that is the norm but it can happen, particualry
for home users, but it certainly is much better than no firewall and could
prove to be reliable in your situation and ipsec filtering can also be used.
ISA 2004 is not exactly cheap though maybe you have a spare laying around.
There are great deals on used firewalls on Ebay [under $100 for some models]
that may not be the latest/greatest model but can still do a great job
protecting the network. If you use Ebay search for Sonicwall or Netscreen
for examples but look for models with late firmware. --- Steve



>I want to setup Windows 2003 + Exchange 2003 server with to network
>adapters: one for the intranet, and the other for the internet.
>
> Is it safe to use Windows 2003 built-it firewall on the external adapter
> to block everything but mail and dns ports (53, 25, 110, etc)? If not, can
> I install ISA 2004 firewall to protect it (i.e is Exchange 2003 compatible
> with ISA in the same machine?)
>
> Ideally it would be better to have an external firewall but I can't afford
> it ($$$).
>
> Thanks!
>



Similar ThreadsPosted
Firewall of Windows 2003 October 2, 2005, 1:31 am
Windows 2003 firewall November 22, 2005, 12:09 pm
Antivirus+Firewall for Windows Server 2003 May 25, 2006, 9:59 am
Saving a Windows 2003 Firewall Configuration? December 15, 2006, 11:28 pm
Simple question regarding Windows 2003 Firewall April 1, 2007, 11:35 pm
Windows 2003 built-in firewall prevents AD from synching across DCs December 8, 2005, 11:24 am
properly configured windows 2003 server OK without a hardwre firewall? November 24, 2007, 12:00 pm
SBS 2003 - XP SP2 - Firewall GPO issues December 7, 2005, 1:25 pm
ftp + windows firewall September 20, 2006, 6:02 am
Win 2003 Firewall Problem. Ahhh January 4, 2008, 2:55 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap