Good morning everyone!

All my sites are 2- NIC on SBS behind Netgear FVS318. But I may have
to reconfigure the SBS from 2-NIC to 1-NIC for one site soon.
- So the SBS will lose its firewall function and the network will be
protected only by Netgear. This makes me a bit concerned. I am
wondering if you have a site that has 1-NIC setup behind Netgear and
if it runs okay in terms of security?

- To change to 1-NIC from 2-NIC, i guess i just simply need to disable
a NIC and re-run CEICW, is that right?


I would great appreciate if someone could share some thoughts

Thanks in advance
Jack

On 07/01/2010 11:54, Jack wrote:

> Good morning everyone!
>
> All my sites are 2- NIC on SBS behind Netgear FVS318. But I may have
> to reconfigure the SBS from 2-NIC to 1-NIC for one site soon.
> - So the SBS will lose its firewall function and the network will be
> protected only by Netgear. This makes me a bit concerned. I am
> wondering if you have a site that has 1-NIC setup behind Netgear and
> if it runs okay in terms of security?
>
> - To change to 1-NIC from 2-NIC, i guess i just simply need to disable
> a NIC and re-run CEICW, is that right?
>
>
> I would great appreciate if someone could share some thoughts
>
> Thanks in advance
> Jack
>
>
>

I run a 1 NIC setup on SBS2003 behind a Watchguard firewall... no
problems at all. Indeed, I believe that in SBS2008, a 1 NIC setup is the
ONLY setup that is possible. I guess you just need to make sure that you
have a hardware firewall that is up to scratch and correctly configured.

The procedure to move from 2 nics to 1 is covered in the sbs 2003 to sbs
2008 upgrade document, as I recall. If your network is of any complexity,
it is worth thinking about a little--as I recall I had to do some
renumbering of some devices that were directly connected to the router.
Aside from that, it was quite simple, as I recall.


"James Hurrell" <"j_a_hurrell at hotmail com"> wrote in message
news:Og1XMF5jKHA.2132@newsgroup

> On 07/01/2010 11:54, Jack wrote:

>> Good morning everyone!
>>
>> All my sites are 2- NIC on SBS behind Netgear FVS318. But I may have
>> to reconfigure the SBS from 2-NIC to 1-NIC for one site soon.
>> - So the SBS will lose its firewall function and the network will be
>> protected only by Netgear. This makes me a bit concerned. I am
>> wondering if you have a site that has 1-NIC setup behind Netgear and
>> if it runs okay in terms of security?
>>
>> - To change to 1-NIC from 2-NIC, i guess i just simply need to disable
>> a NIC and re-run CEICW, is that right?
>>
>>
>> I would great appreciate if someone could share some thoughts
>>
>> Thanks in advance
>> Jack
>>
>>
>>

> I run a 1 NIC setup on SBS2003 behind a Watchguard firewall... no problems
> at all. Indeed, I believe that in SBS2008, a 1 NIC setup is the ONLY setup
> that is possible. I guess you just need to make sure that you have a
> hardware firewall that is up to scratch and correctly configured.

On Jan 7, 6:02*am, James Hurrell <"j_a_hurrell at hotmail com"> wrote:

> On 07/01/2010 11:54, Jack wrote:
>
>
>

> > Good morning everyone!

>

> > All my sites are 2- NIC on SBS behind Netgear FVS318. But I may have
> > to reconfigure the SBS from 2-NIC to 1-NIC for one site soon.
> > - So the SBS will lose its firewall function and the network will be
> > protected only by Netgear. This makes me a bit concerned. I am
> > wondering if you have a site that has 1-NIC setup behind Netgear and
> > if it runs okay in terms of security?

>

> > - To change to 1-NIC from 2-NIC, i guess i just simply need to disable
> > a NIC and re-run CEICW, is that right?

>

> > I would great appreciate if someone could share some thoughts

>

> > Thanks in advance
> > Jack

>
> I run a 1 NIC setup on SBS2003 behind a Watchguard firewall... no
> problems at all. Indeed, I believe that in SBS2008, a 1 NIC setup is the
> ONLY setup that is possible. I guess you just need to make sure that you
> have a hardware firewall that is up to scratch and correctly configured.-Hide quoted text -
>
> - Show quoted text -

1 NIC with a dedicated FW device should be good, we use SonicWALL TZ
series for our small buisness clients. Juniper, Watchguard, Cisco
should also be good.

Ben

In addition to the other great comments, you may have been under some false sense of security if you think SBS with 2 nics is "highly secure", unless ISA was included.

SBS 2003 with 2 nics and no ISA is just like having a consumer grade NAT router. However the Netgear FVS318 is listed as a business class firewall which would replace ISA.

A Single NIC behind this device is just as secure, because you're really relying on the device for the security, not the network configuration, per se

--
Cris Hanna [SBS - MVP] (since 1997)
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-...7269967&sr=8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

"Jack" <dontaskwhoiam2001@newsgroup> wrote in message news:1fa79d1a-dc13-4670-a935-7f42704822fd@newsgroup
Good morning everyone!

All my sites are 2- NIC on SBS behind Netgear FVS318. But I may have
to reconfigure the SBS from 2-NIC to 1-NIC for one site soon.
- So the SBS will lose its firewall function and the network will be
protected only by Netgear. This makes me a bit concerned. I am
wondering if you have a site that has 1-NIC setup behind Netgear and
if it runs okay in terms of security?

- To change to 1-NIC from 2-NIC, i guess i just simply need to disable
a NIC and re-run CEICW, is that right?


I would great appreciate if someone could share some thoughts

Thanks in advance
Jack

On Jan 7, 8:35*am, "Cris Hanna [SBS - MVP]"
<crisnospamha...@newsgroup> wrote:

> In addition to the other great comments, you may have been under some false sense of security if you think SBS with 2 nics is "highly secure", unless ISA was included.
>
> SBS 2003 with 2 nics and no ISA is just like having a consumer grade NAT router. *However the Netgear FVS318 is listed as a business class firewall which would replace ISA.
>
> A Single NIC behind this device is just as secure, because you're really relying on the device for the security, not the network configuration, per se
>
> --
> Cris Hanna [SBS - MVP] (since 1997)
> Co-Contributor, Windows Small Business Server 2008 Unleashedhttp://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672...
> Owner, CPU Services, Belleville, IL
> A Microsoft Registered Partner
> ------------------------------------
> MVPs do not work for Microsoft
> Please do not submit questions directly to me.
>
> * "Jack" <dontaskwhoiam2...@newsgroup> wrote in messagenews:1fa79d1a-dc13-4670-a935-7f42704822fd@newsgroup
> * Good morning everyone!
>
> * All my sites are 2- NIC on SBS behind Netgear FVS318. But I may have
> * to reconfigure the SBS from 2-NIC to 1-NIC for one site soon.
> * - So the SBS will lose its firewall function and the network will be
> * protected only by Netgear. This makes me a bit concerned. I am
> * wondering if you have a site that has 1-NIC setup behind Netgear and
> * if it runs okay in terms of security?
>
> * - To change to 1-NIC from 2-NIC, i guess i just simply need to disable
> * a NIC and re-run CEICW, is that right?
>
> * I would great appreciate if someone could share some thoughts
>
> * Thanks in advance
> * Jack

Another FYI...SBS2008 removed the 2NIC support and not offer ISA any
more even with SBS Premium. SBS premium includes a server software
(2008 STD) for another Server and SQL

On Jan 7, 3:54*am, Jack <dontaskwhoiam2...@newsgroup> wrote:

> Good morning everyone!
>
> All my sites are 2- NIC on SBS behind Netgear FVS318. But I may have
> to reconfigure the SBS from 2-NIC to 1-NIC for one site soon.
> - So the SBS will lose its firewall function and the network will be
> protected only by Netgear. This makes me a bit concerned. I am
> wondering if you have a site that has 1-NIC setup behind Netgear and
> if it runs okay in terms of security?
>
> - To change to 1-NIC from 2-NIC, i guess i just simply need to disable
> a NIC and re-run CEICW, is that right?
>
> I would great appreciate if someone could share some thoughts
>
> Thanks in advance
> Jack

Thanks a lot everyone!

It's okay, though certainly not outstanding. Keep in mind that
unless you are restricting OUTBOUND traffic, you probably have the
equivalent of a simple router setup anyway. Any inexpensive router/firewall
such as the FVS318 will give you basic inbound protection.

Outbound restrictions are where the men are separated from the boys.
While attackers pounding on the network from the outside are a real threat,
equally dangerous are those cases where users inside the network are
inviting malicious traffic from outside, and unless you are restricting that
outbound traffic, even a Sonicwall or Cisco will sit like a traffic cop just
feverishly waving everything through.

One good example is that if all mail is being handled by Exchange,
then only the Exchange server should have access to SMTP outbound. Anything
else is probably a compromised workstation transmitting spam, or someone
transmitting/sending unauthorized personal mail. That's where one might have
trouble with a less expensive router.

If a client is on a small budget, the FVS318 will do more than the
minimum-- the key would be to configure it properly, meaning restrict as
much outbound traffic as possible.

"Jack" <dontaskwhoiam2001@newsgroup> wrote in message
news:1fa79d1a-dc13-4670-a935-7f42704822fd@newsgroup

> Good morning everyone!
>
> All my sites are 2- NIC on SBS behind Netgear FVS318. But I may have
> to reconfigure the SBS from 2-NIC to 1-NIC for one site soon.
> - So the SBS will lose its firewall function and the network will be
> protected only by Netgear. This makes me a bit concerned. I am
> wondering if you have a site that has 1-NIC setup behind Netgear and
> if it runs okay in terms of security?
>
> - To change to 1-NIC from 2-NIC, i guess i just simply need to disable
> a NIC and re-run CEICW, is that right?
>
>
> I would great appreciate if someone could share some thoughts
>
> Thanks in advance
> Jack
>
>
>