#1
Greetings:

I have a SonicWall, or let's say any firewall. How can I configure this and protect my servers? Do I need to put them in a DMZ? Can anyone recommend the best solutions to me? Right now, I'm using the Windows 2003 firewall, but I guess it's not enough. Aside from ports 53, 25, 80, what other ports should I open? And please give me some best articles that I can read. Thanks.

God Bless

--
micro_xii

Message posted via http://www.winserverkb.com

#2
micro_xii via WinServerKB.com wrote:
> Greetings:
>
> I have a sonicwall or lets say any firewall. How can i configure this
> and protect my servers.Do i need to put them in DMZ?

No, by putting servers in a DMZ, you greatly increase the attack surface of your servers available to the internet.

> Can anyone
> recommend me for best solutions. Right now, im using the windows 2003
> firewall, but i guess its not enough. Aside from ports 53,25,80, what
> are other ports should i opened.

Ports 53 UDP and TCP need only be open inbound if you host a public DNS zone on the server. If you are going to do that, you need at least two servers (provided someone else is hosting a Secondary for you; if not, you need three). One set of servers would be for inbound public queries, the other DNS is for local network resolution by DNS. At this time MS DNS servers don't fully support either network views or selective recursion.

Your internal server that resolves names for your local clients (the server is a client too) must be able to access any address on the internet on 53 UDP/TCP for it to use recursion to resolve external names. If you have a DNS server outside your firewall that the internal server can forward to, you can select "Do not use recursion" and have only 53 UDP/TCP open to that server. Keep in mind, stopping your server from using recursion means you should very well use only an external DNS you can fully trust as a forwarder.

These are the main points to make on DNS behind firewalls.

254018 - How to Configure Input Filters for Services That Run Behind Network Address Translation:
http://support.microsoft.com/default...b;en-us;254018

832017 - Port Requirements for the Microsoft Windows Server System:
http://support.microsoft.com/default...b;en-us;832017

--
Best regards,
Kevin D. Goodknecht Sr.
[MVP]
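
The port-53 guidance in the reply above, as an added example that is not part of the thread: a small Python audit that derives the DNS rules the reply calls for and compares them with a firewall rule list. The rule format, the role names "public" and "internal", and the forwarder address 192.0.2.53 are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    """Hypothetical rule format, not a SonicWall or Windows export."""
    direction: str  # "in" = internet -> server, "out" = server -> internet
    proto: str      # "udp" or "tcp"
    port: int
    remote: str     # remote address, or "any"

def expected_dns_rules(role: str, forwarder: Optional[str] = None) -> set:
    """Port-53 rules the reply describes for one server on the perimeter firewall.

    role "public":   server hosting a public DNS zone (inbound 53 UDP and TCP)
    role "internal": server resolving names for local clients; pass forwarder
                     when "Do not use recursion" is set, so that 53 is open
                     only to that trusted external DNS server
    """
    if role == "public":
        return {Rule("in", p, 53, "any") for p in ("udp", "tcp")}
    if role == "internal":
        remote = forwarder if forwarder else "any"
        return {Rule("out", p, 53, remote) for p in ("udp", "tcp")}
    raise ValueError(f"unknown role: {role!r}")

def audit_dns_rules(rules, role, forwarder=None):
    """Return (missing, unexpected) port-53 rules; other ports are ignored."""
    actual = {r for r in rules if r.port == 53}
    wanted = expected_dns_rules(role, forwarder)
    return sorted(wanted - actual), sorted(actual - wanted)

# Constructed sample: an internal resolver that now forwards to 192.0.2.53
# (a documentation address), while the firewall still carries older rules.
SAMPLE = [
    Rule("in", "udp", 53, "any"),
    Rule("out", "udp", 53, "any"),
    Rule("out", "tcp", 53, "192.0.2.53"),
    Rule("in", "tcp", 80, "any"),
]

if __name__ == "__main__":
    missing, unexpected = audit_dns_rules(SAMPLE, "internal", "192.0.2.53")
    for r in missing:
        print("missing:   ", r)
    for r in unexpected:
        print("unexpected:", r)
```
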

#3
Hi

Google for back-end firewall solutions to get an idea of a good FW configuration solution. Basically the Front Firewall takes care of the communications between public and DMZ, and the Back Firewall takes care of the Internal and Public connections (DMZ included). You can also sign/encrypt communications between servers in DMZ and Internal for specific services or all communications.

--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"micro_xii via WinServerKB.com" <u26296@uwe> wrote in message news:661d07f968bc8@uwe...
> Greetings:
>
> I have a sonicwall or lets say any firewall. How can i configure this and
> protect my servers.Do i need to put them in DMZ? Can anyone recommend me
> for
> best solutions. Right now, im using the windows 2003 firewall, but i guess
> its not enough. Aside from ports 53,25,80, what are other ports should i
> opened.And pls give me some best articles that i can read.Thnx.
>
> God Bless
>
> --
> micro_xii
>
> Message posted via http://www.winserverkb.com