| Author |
Message |
Jim K
Guest
|
 Posted:
Mon Jan 17, 2005 6:13 pm Post subject:
Firewall Advise |
|
|
I would like to install Zone Alarm on my SBS box to take advantage of
it's ability to restrict internet access. I suspect, however, that there
may be issues here, and wouldn't be surprised at some very negative
replies. Any advise here?
Thanks,
Jim |
|
| Back to top |
|
 |
Matt Gibson
Guest
|
| Posted:
Mon Jan 17, 2005 6:13 pm Post subject:
Re: Firewall Advise |
|
|
No.
Do NOT install a workstation level firewall on a server.
Use ISA. If for some reason you do not, or can not use ISA, zone alarm does
have a server level product.
-Matt
"Jim K" <"jim-skip this part-"@siena.org> wrote in message
news:eXXGXbK$EHA.1188@tk2msftngp13.phx.gbl...
| Quote: | I would like to install Zone Alarm on my SBS box to take advantage of it's
ability to restrict internet access. I suspect, however, that there may be
issues here, and wouldn't be surprised at some very negative replies. Any
advise here?
Thanks,
Jim |
|
|
| Back to top |
|
|
Lanwench [MVP - Exchange]
Guest
|
| Posted:
Mon Jan 17, 2005 7:24 pm Post subject:
Re: Firewall Advise |
|
|
Jim K" <"jim-skip this part- wrote:
| Quote: | I would like to install Zone Alarm on my SBS box to take advantage of
it's ability to restrict internet access. I suspect, however, that
there may be issues here, and wouldn't be surprised at some very
negative replies. Any advise here?
Thanks,
Jim
|
Ix-nay. If you have ISA, use that - if you don't have ISA, and are using a
hardware firewall appliance, you could just give the computers in question
static IPs with no default gateway, and not grant anything more than user
access to the domain accounts so they can't change it. This is clumsy, but
works. There are also other options. |
|
| Back to top |
|
|
Jim K
Guest
|
| Posted:
Tue Jan 18, 2005 2:11 am Post subject:
Re: Firewall Advise |
|
|
Thanks for the negatives. Unfortunately, I don't think ISA came with my
standard edition. Also, it's not really systems that I want to block,
but applications. What I liked about Zone Alarm was that I could set it
so that only approved apps and services could get onto the internet.
Lanwench [MVP - Exchange] wrote:
| Quote: | Jim K" <"jim-skip this part- wrote:
I would like to install Zone Alarm on my SBS box to take advantage of
it's ability to restrict internet access. I suspect, however, that
there may be issues here, and wouldn't be surprised at some very
negative replies. Any advise here?
Thanks,
Jim
Ix-nay. If you have ISA, use that - if you don't have ISA, and are using a
hardware firewall appliance, you could just give the computers in question
static IPs with no default gateway, and not grant anything more than user
access to the domain accounts so they can't change it. This is clumsy, but
works. There are also other options.
|
|
|
| Back to top |
|
|
Mark Jesiel
Guest
|
| Posted:
Tue Jan 18, 2005 8:45 am Post subject:
Re: Firewall Advise |
|
|
You can configure any hardware firewall with incoming AND outgoing rules.
Usually the default outgoing rule allows any ip, any port out to teh
internet. But you could create rules and restrict that.
Mark Jesiel
"Jim K" <"jim-skip this part-" wrote:
| Quote: | Thanks for the negatives. Unfortunately, I don't think ISA came with my
standard edition. Also, it's not really systems that I want to block,
but applications. What I liked about Zone Alarm was that I could set it
so that only approved apps and services could get onto the internet.
Lanwench [MVP - Exchange] wrote:
Jim K" <"jim-skip this part- wrote:
I would like to install Zone Alarm on my SBS box to take advantage of
it's ability to restrict internet access. I suspect, however, that
there may be issues here, and wouldn't be surprised at some very
negative replies. Any advise here?
Thanks,
Jim
Ix-nay. If you have ISA, use that - if you don't have ISA, and are using a
hardware firewall appliance, you could just give the computers in question
static IPs with no default gateway, and not grant anything more than user
access to the domain accounts so they can't change it. This is clumsy, but
works. There are also other options.
|
|
|
| Back to top |
|
|
Lanwench [MVP - Exchange]
Guest
|
| Posted:
Tue Jan 18, 2005 8:45 am Post subject:
Re: Firewall Advise |
|
|
Jim K" <"jim-skip this part- wrote:
| Quote: | Thanks for the negatives. Unfortunately, I don't think ISA came with
my standard edition.
|
No, you need premium for that.
| Quote: | Also, it's not really systems that I want to
block, but applications. What I liked about Zone Alarm was that I
could set it so that only approved apps and services could get onto
the internet.
|
Yes, a basic firewall isn't very good at that. I still wouldn't use ZA on a
server (even their server version).
| Quote: |
Lanwench [MVP - Exchange] wrote:
Jim K" <"jim-skip this part- wrote:
I would like to install Zone Alarm on my SBS box to take advantage
of it's ability to restrict internet access. I suspect, however,
that there may be issues here, and wouldn't be surprised at some
very negative replies. Any advise here?
Thanks,
Jim
Ix-nay. If you have ISA, use that - if you don't have ISA, and are
using a hardware firewall appliance, you could just give the
computers in question static IPs with no default gateway, and not
grant anything more than user access to the domain accounts so they
can't change it. This is clumsy, but works. There are also other
options. |
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in