Good morning all -

I run a small server fcor my consulting business. There are 3 of us who use it for MS Exchange email as well as general file sharing.

Here is the Firewall Question.

I have ordered a Sonicwall SoHo3 Firewall and that will be installed as soon as we go from cable to DSL and run a static IP.

In the meantime can I install a softwall firewall like Sygate? I hate being "open" to the internet and would like some thoughts.

Thanks!

You could I guess, but why not just install the SonicWall now? Apparently the IP doesn't change frequently enough to be an issue in the current config.

You'll simply port forward port 25.

BTW- excellent firewall choice- you'll like it a lot.

I don't have the sonicwall yet :( I think I have been lucky to date not getting hit by anything but I am starting to think I am pushing my luck.

Plus I personally do not manage the server it's handled by our IT consultant with my being the internal IT guy (moderate knowledge) and the firewall will go directly to them for configuration.

While I actually love this line of work it takes me away from what should be my focus :) my business - lol

I don't have the sonicwall yet
Get that baby ordered!! When you start to look at the logs, you'll drop your chin!!

think I have been lucky to date not getting hit by anything but I am starting to think I am pushing my luck.

You've been VERY lucky if you haven't been whacked yet.

Seriously- if you're using cable svc w/ dynamic IP w/your Exchange now, then it doesn't change very frequently (neither does mine- that's why I don't cough up the extra 50 for static). So there's really nothing stopping you from using the SonicWall right now.

If you're 100% sure you'll never grow beyond 10 users and will never need VPN access, get the SOHO3 10-User, 01-SSC-2930.

If you want VPN, and ever think you could grow, then get the SOHO3 25-User with VPN, 01-SSC-2940. If you want the 1 yr. service support with it, order the SOHO3 25-User with VPN and 1-Year 8x5 Support, pn 01-SSC-2943.

But whichever you get, get it soon!!

SOHO3 25-User with VPN and 1-Year 8x5 Support, pn 01-SSC-2943

Got this one. Sweet deal from Firewalls.com

I am running Symantic Corp Edition so I do have some protection. DSL is also on its way I just dont want to be on the raod and find out for any reason I don't have access to my server cause the IP changed. So I will wait to have the Sonicwall installed. And I dont want to pay 2x for them to install it.

Can you foresee any problems with setting up the Sygate in the meantime? Is there a better solution for the next couple weeks?

Nope- shouldn't be a problem. Sygate is good.

I see you are using Small Business Server...why not using the ISA feature? It's a fully ISCA certified firewall...already included in the OS.

YOSC

I know little to nothing about the ISA Firewall that is part of the OS. Easy/hard to set up?

Do you have any good info on it? I know that it was set up as a feature pack but have not looked into it.

Thanks!

Originally posted by scabbo
YOSC

I know little to nothing about the ISA Firewall that is part of the OS. Easy/hard to set up?

Do you have any good info on it? I know that it was set up as a feature pack but have not looked into it.

Thanks!

Yes, the basics are easy to setup.....the Small Business Wizard will do all the settings for you, and if you use the magic disk to setup the users, that the wizard will create for each user, the workstations will be automatically configured. The hardest thing for SBS users to do...is use the very easy to use wizard. I fought against it myself for the longest time. But that's one of the beauties of SBS....do everything using the wizard and SBS console...and it configures everything for you, including the clients workstations.

So basic setup is quite easy. More advanced setup however, (like if you wish to run some public services to workstations..such as PcAnywhere hosts) can be a bit more involved, I've had to refer to the isaserver forums a few times myself, and they're good there.

Some links to help...

http://www.isaserver.org
http://www.sbsfaq.com
http://www.sbslinks.com/
http://www.smallbizserver.net/

YOS - Just want to bounce this off you. We run a Small Business Server 2000 setup - 4 users.

I bought the Sonicwall SOHO3 Firewall 25user w/10vpn access.

The IT partner is telling me to install/set it up they are going to chage about $300. Doesn't that seem high? I know its only $300 but I figured about $100.

20 minutes to change the DNS
20 minutes to configure SBS
20 For firewall

Am I way off?

IMO, one hour is best case scenario; zero problems; everything goes 100% according to plan.

Have you ever had that happen? I haven't.

If I quote you an hour, and I take 2, I'm a jerk, a crook, and I ripped you off. If I quote you 3, and bill you for 2, I'm a hero.... the greatest most honest guy on the face of the earth.

I've set up a LOT of Sonic Walls, and in theory, the basic setup might only take you that long. But- who's going to set up the VPN's? Check and flash the latest firmware (better do that 1st)? Who's going to go around and reboot and check all the workstations?

tw - all great points. Guess I am off - and your soooooo right how many setups go according to plan - lol ZERO :)

3 hours....I don't know what else is invovled in the setup.

Yeah getting the Sonic in place working like a normal Linksys router....setup takes a whole 5 minutes or so. But what else to you have to reconfigure or setup? Does the SBS require any reconfiguration? (I'd probably want to change the LAN side of the Sonic to match the SBS servers existing setup, rather than change SBS to match the Sonic) Are you setting up the router with other routers out there across the state or country...doing a router to router VPN? Are you setting up accounts for other users to Global VPN into the router from their homes? Are you setting up port forwarding for services such as PcAnywhere?

3 hours isn't bad, I'd worry it's on the light side. Don't forget on SBS, if you're changing broadband, reconfigure DNS forwarding properties on the SBS server, and make sure DHCP on the SBS server is handing itself out as DNS, don't let the router hand out DHCP.