I was searching for a free firewall solution for Windows 2003 and came across something called Savungan from ModemWall.com.
I wrote up some rules and tested it on my local box and it seems to work great, but before I deploy it live I wanted to see if anyone else has used it? I'm especially curious as to how it performs on heavy load sites.
Full Version: Savungan Firewall from ModemWall ?
QUOTE (UncleCJ)
I was searching for a free firewall solution for Windows 2003 and came across something called Savungan from ModemWall.com.
Never heared it before, modemwall.com --> turkticaret.net :shock:
Windows 2003 has two free firewalls built right in - the basic firewall in Routing and Remote Access (which isn't really that basic) and IPSEC which is hugely configurable.
I wouldn't deploy a free firewall on a production server apart from those that come with Windows.
I wouldn't deploy a free firewall on a production server apart from those that come with Windows.
Yeah, I'm using RRAS right now and it seems to be doing fine for the most part.
The only issue I'm having is getting passive FTP to work. Checking the 'FTP' option seems to open port 21, but I can't find a way to open the port range for passive. Unfortunately I couldn't find a way to do this with IPSec either.
The software I mentioned does support port ranges (and has a log, which is helpful), but I agree with you about using a free firewall on live servers.
So far the only info I've been able to dig up on it is sales pitches on numerous websites. If nobody has used this yet, I don't intend to be the first.
The only issue I'm having is getting passive FTP to work. Checking the 'FTP' option seems to open port 21, but I can't find a way to open the port range for passive. Unfortunately I couldn't find a way to do this with IPSec either.
The software I mentioned does support port ranges (and has a log, which is helpful), but I agree with you about using a free firewall on live servers.
So far the only info I've been able to dig up on it is sales pitches on numerous websites. If nobody has used this yet, I don't intend to be the first.
There's no easy answer, but you can limit the ports that are available to passive ftp:
http://support.microsoft.com/default.aspx?...kb;en-us;555022
And then you'll just have to open them in the firewall.
http://support.microsoft.com/default.aspx?...kb;en-us;555022
And then you'll just have to open them in the firewall.
Ouch, I was hoping you weren't gonna say that.
I'll have to give this some more thought, lol. Thanks for the advice.
I'll have to give this some more thought, lol. Thanks for the advice.
QUOTE (cprompt)
Windows 2003 has two free firewalls built right in - the basic firewall in Routing and Remote Access (which isn't really that basic) and IPSEC which is hugely configurable.
I wouldn't deploy a free firewall on a production server apart from those that come with Windows.
I wouldn't deploy a free firewall on a production server apart from those that come with Windows.
Funny you should mention this because Rass and the default firewall as im told by servermatrix's security personal and support team that they will not support or offer support for thrid party firewalls or even the built-in default firewall or rass configured as a firewall on the win2k3 system .
Be aware that a catch(22) $charge could surface when implementing these features if you lock yourself out of the box.
Using FTP in either mode could and will attract unwanted traffic and uninvited guests and you might be subject to an unwanted Tutorial being hosted on your box that post almost everything about your system to the web, well some system settings show but the author that created and posted his techniques and scripts left one small unknown feature hidden.
QUOTE (NetFrameWorker)
Funny you should mention this because Rass and the default firewall as im told by servermatrix's security personal and support team that they will not support or offer support for thrid party firewalls or even the built-in default firewall or rass configured as a firewall on the win2k3 system .
Be aware that a catch(22) $charge could surface when implementing these features if you lock yourself out of the box.
Be aware that a catch(22) $charge could surface when implementing these features if you lock yourself out of the box.
So far I haven't heard of anyone being charged for this happening. I know of several people that have locked themselves out and the Support Staff disabled the Firewall without question.
RRAS is a very, very, simple firewall. I don't think it was really designed to be used for what most people here need. I currently use it myself, but I'm cosidering a few alternatives for the future. The type of business I'm in it's causing me many problems since my clients have detailed rules they need for their accounts. I'm basicly getting tired of changing the firewall mappings 2-3 times per day.
QUOTE (Lunch[box)
]
So far I haven't heard of anyone being charged for this happening. I know of several people that have locked themselves out and the Support Staff disabled the Firewall without question.
So far I haven't heard of anyone being charged for this happening. I know of several people that have locked themselves out and the Support Staff disabled the Firewall without question.
I only stated that for future reference as I was once told this by staff members of the servermatrix company.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.