Good Firewall Recommendation for Win2K Server

[mooker]

Hey all,

Here's my situation:

I'm running my DSL through a Windows 2000 Server that serves my other computers in my house. I need a good firewall for a server (ie. not a personal firewall). Most of the personal firewalls are setup to ask if you want to enable a specific application to use a port.

Basically, I need a firewall that I can setup with rules on specific ports and such. One with good logging, and preferably a good remote interface. All I've really tried is Winroute Pro, and I don't personally care for it.

Any input would be greatly appreciated.

Thanks!

 

[PeeluckyDuckee]

ISA Server 2K is pretty configurable from what I've seen

 

[neuralfx]

i dont know what kind of UNIX knowledge you have, but you can scrounge for a 386 or other pos box and run openbsd, and you will have a lot of options for security .. or well i guess you could shell out whatever ungodly amount ms is charging for ISA 2k now =) .. well good luck either way ..
-neural

 

[Need4Speed]

why not just use the built in NAT with Remaote Access and Routing?

 

[Saltin]

ISA is best suited to 2k Server as it's AD integrated, but it's really an enterprise level solution.

 

[mooker]

Well, I plan on using NAT. But NAT by itself is not secure. I need a firewall that will turn off unwanted ports, log activity, etc.

I did have a Debian server, originally. When I started out, I bought a linux book and read it through, as well as some other stuff. I got the server setup and running well. But the main reason that I wanted to go with 2k is because I wanted to get either MCSE or MCSA, and wanted some 2k server experience.

I'll check out ISA firewall. Thanks!

 

[Saltin]

If you just want to build experience, then definetly go with ISA.
I managed to get a 120 trial version sent to me, check out the site, you may be able to too.

 

[netsysadmin]

If I were you I would go with a router like the Linksys...it provides you with all the features you will need...such as NATing and port forwarding...here is what I run behind my Linksys...Dell Server with win2k Server running AD as my DC, Emachine with win2k Server as a web server and two client machines....with this setup I have not had any security issues and I am live on the internet 24/7 with RoadRunner....they dont get past the Linksys....you can use a logging program such as the one at www.linklogger.com...it will log everything coming in and out of you network to the web and it can be configured to alet you via email if there are any problems such as a possible intrusion...you will see that they hit the Linsys with the port scan but they do not get through!...that is the best way to do it...I prefer to not directly expose my servers to the internet at home or even at work...that is a major no no....if you need any more info feel free to email me...good luck!

Oh and one thing I forgot...ISA is a good...but it is expensive and to use it correctly it should be on its own dedicated server...so you have to add another computer to the mix...up goes the cost!

John
Systems Administrator
MCSE