Question:
Windows Firewall/Router?
martin.lake
2009-01-14 09:08:09 UTC
Hi,
I’ve been asked for work to set up a Windows-based firewall to sit in between the Internet and a small dedicated network we are setting up for visitors.
Basically the setup should go:
“Internet” > “ADSL modem router (Netgear)” > “Windows 2003 server box running firewall (with 2 network cards)” > “Cisco switch” > “visitor PCs/laptops etc.”

I can’t just use the router’s built-in firewall as it does not meet the company’s audit/logging requirements.

So far I have tried plugging the Windows box into the switch and the router, then bridging the Ethernet connections; this will allow traffic to pass through the server but not much else (making it a big glorified switch).
I thought that by doing this I could use the Windows firewall to manage and log traffic on the bridge, but it doesn’t... Additionally, TCP/IP filtering (from advanced TCP/IP options) doesn’t seem to work on a Windows bridge.

Another idea I’ve had (but haven’t tried) is to set up a new network on the server by running DNS/DHCP and set up Windows routing to have the Netgear router’s network and this new network talk. But it just seems like too much effort. I mean, when using a packet-analyzing tool like Wireshark, I can see all the packets passing over the bridge I set up… I just need to filter/log them?

Any ideas?... Maybe an online guide (crosses fingers)?

P.S.
Please don’t suggest a Linux solution like Smoothwall; I have already done this, but I have to use a Windows box apparently.
Three answers:
Pedro S
2009-01-14 09:18:29 UTC
Microsoft makes a product called ISA Server:

http://www.microsoft.com/forefront/edgesecurity/isaserver/en/us/default.aspx

This will require you to have a dedicated machine with at least two NICs. There is tons of documentation out there, so you could set it up on your own. This is the right product for the job and meets your company’s requirements.
jbravo4
2009-01-14 09:36:34 UTC
Set up Internet Connection Sharing on the server. This will make the server provide IP addresses for the network users. (Select “share this computer’s Internet connection” on the Internet NIC adapter properties, then give the network NIC adapter properties a default IP address of 192.168.0.1 and reboot; it should be set up after that.)

Then install a software firewall. A really easy one would be Filseclab; once you install it, you can set the mode to ICS (Internet Connection Sharing), then you won’t have to configure anything else, and the monitoring is great. I would recommend a different firewall, though, if you want excellent security.
anonymous
2016-05-28 06:48:02 UTC
Hello. Yes, you can. You would have to specify what kind of router you have, but most routers have a DHCP capability to network your computers. As far as the backup server, you would have to create a routing table, judging by your inquiry. If it matters what computers get what IP address, you might as well assign all of the nodes (PCs) static IPs instead of using a DHCP server. Good luck!


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.