ADSL + Firewall for Small Business

If you must leave the ADSL adapter in the server as the connection point, then you're probably stuck using some sort of Windows-based software firewall (Kerio comes to mind). My preference would be to switch to an external DSL modem and use a dedicated firewall box, such as Astaro.

Good luck!!

Reply to
FW_Engineer

A small business I am dealing with have the following setup.

Windows 2000 Domain Controller, also running SQL Server for a customer database. This server has a PCI ADSL adapter with ICS enabled, and a NIC wired to a 4-port switch; on another port is a wireless access point. 10 other computers have wireless cards; no wired network is in use. Also, no encryption is used for the wireless setup. Wireless network runs at 22 Mbps.

The company is looking for something that would allow for the following.

Each PC will access POP3 and SMTP server from the ISP, and web. Possible VPN solution for remote management of server. Good degree of firewall protection.

It would also be handy if the company could still use the original wireless access point, as this supports 22 Mbps.

Thanks.

Reply to
Zordon

Have a look at the ZyXEL ZyWALL 5 or the HotBrick VPN 800/2, and then use Froogle to find the lowest cost reseller.

Reply to
shopping.nowthor.com

If you want security then this has to change - remove the ADSL adapter, install an appliance that does PPPoE authentication, and you will have many options.

What's the point of installing a firewall if you don't secure the wireless? If they don't value the network, then why bother protecting it?

You have several options once you get the DSL card out of the server and onto a device.

Since you don't care about security (as exampled by the completely open wireless network) you could use a simple NAT Router to provide all of what you want. The router, many of them, support inbound PPTP sessions, so you could allow users to VPN (PPTP) into the server from anywhere at any time and manage it through their user accounts. A cheap D-Link DI-804HV unit supports inbound PPTP sessions (even directly to the unit) and runs about $59 in most places.

They can use a WAP with any network layout; since it's an access point, you only need to change the subnet to match that of the network and you're in.

Keep in mind, anyone in range can also (already) use this same network; you need to secure it.

Reply to
Leythos

It sounds like the business he is dealing with is using either ICS, or some other software-based. I say stick with it, from a financial point of view. There is more than just ICS. If you don't want to use ICS, there are a number of other software-based products that will do the same thing. Programs such as AllegroSurf or ProxyPro can handle DHCP service. There are even a few programs that will do firewall and NAT in one program.

Reply to
Charles Newman

Plan is to replace the current ADSL adapter, as I am not keen on leaving this on the server.

Reply to
Zordon

Thanks, was thinking of the Zyxel Prestige 652H.

Reply to
Zordon

Thanks.

I don't think they realised how bad the security was, and did not realise the bloke who set up the wireless access point left it open. Current plan is to remove the ADSL card, install a Zyxel Prestige 652H, and then reconfigure the WAP, as this supports 256-bit WEP encryption.

Unless anyone has any other suggestions.

Reply to
Zordon

Make sure you read up on the Zyxel online, try Google, before you purchase one.

I would also consider a router/nat/firewall device and a separate WAP so that you are not tied to one vendor for both solutions. This would enable you to mount the router/nat/firewall in one location and the WAP in another location.

Reply to
Leythos

Yes, I realise the 652 also includes wireless, but think this is optional and would not suggest the company uses this; I am hoping that they actually scrap the wireless network altogether. If they won't, then will use the wireless access point they already have. I read up on Zyxel and could not find anything bad, unless you know different?

Reply to
Zordon

The poster that provided you with their information is a reseller of their services; I'm always very leery of a poster that suggests their own products. Most of us give advice based on experience and without any connection to the companies' products we suggest.

There are a number of units out there that don't do wireless that are in the lower end price range, and the D-Link DI-804HV is a nice unit for a small office and also provides access as a PPTP end-point if needed.

I have nothing to say about Zyxel, they could be good units, but you might find information on issues using Google.

If you really want to learn about the Zywall security from the lab, here is a link:

Reply to
Leythos

They probably use wireless so they don't have a bunch of network cabling that someone could trip over and then sue the company. This is why I think you will have a hard time getting the company to get rid of wireless networking. It's simply a safety issue. Only if they can punch holes in the walls and run the cabling through the walls would some companies do wired networking.

Reply to
Charles Newman

I have found a couple of places offering the Zyxel for about £129 but will have a look at the D-Link as well.

Thanks

Reply to
Zordon

Problem is they are in the process of moving buildings, spent a year doing the new building up, rewiring and putting in a telephone switchboard system.

At the time one of the partners got it into his head that wireless was the future and would not be required in the new office, and even decided the old office should be converted to wireless. They went as far as replacing their current 100 Mbps wired network with wireless; all the computers bar 1 are desktop PCs, so they fitted wireless PCI cards. Cabling was never an issue as it was out of the way.

So this new future system reduced the speed of the network to 22 Mbps, and the only laptop is always used in the same place.

Reply to
Zordon

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.