Firewall with Routing and Remote Access (RRAS)?

klau1

I have a home server set up for a few local client machines to serve files and provide a consistent computing environment across local client workstations through the use of Folder Redirection.

Recently, with the addition of VPN through RRAS (Routing and Remote Access), the Windows Firewall had to be disabled because they cannot work concurrently.

How important is it to have a soft firewall even though the server is behind a HW NAT router?

How does one set up a firewall that will permit MS Exchange, DNS, DHCP, VPN, and Domain Controller to continue to function with the local and VPN clients?

System:
Windows 2003 standard x64

Network Environment:
Single NIC - Domain Controller behind NAT router

Server Roles:
Domain Controller
MS Exchange 2007
DNS
DHCP
 

theevilsharpie

For a small network, I wouldn't consider a software firewall on a server to be a big deal. You have a perimeter firewall to block unauthorized access from the Internet, and even if you did have a firewall on your server, you'd need to open up a wide range of ports for the server to work properly. In such an environment, your key to maintaining an adequate level of system security is keeping up to date with security patches for your software, and installing only the software you need for the server to perform its intended function.

If you absolutely need a firewall, I'd suggest adding a hardware firewall and putting it in front of the server.

With respect to RRAS, open VPN connections bind additional IP addresses to the server. This can cause malfunctions with software that expects the server to have a single IP. Unless you know exactly what you're doing, I wouldn't run RRAS on a general-purpose server.