Don't Use SBS as the Default Gateway

After having issues with dropped internet connections, when a Small Business Server 2003 is used as the (default) gateway I started to do some quick research. However it didn't turn up anything too useful.

While Microsoft proposed using the SBS as the default gateway (with two NICs) as a viable solution, I wasn't so sure. If the server was compromised, it was game over. There was no second layer of security and the whole system didn't work as expected.

So instead of solving the problem (the security concerns couldn't be resolved anyway), I just mitigated it by using an old server as a Linux firewall. For easier handling I chose (no, I'm not affiliated with them, this is no hidden product placement) - one of a bunch of free (GPL) unified thread management [UTM] systems. It offers in- and outbound firewalls, proxies for HTTP, POP3, SMTP,... (with capabilites for spam detection, virus scanning,...), logging, VPN,...
So it definitely adds an additional layer of protection.

After deploying the system, the internet connection has been rock-solid until today.

Lesson learned: Think out of the box. By solving one problem (internet connection), one can probably archieve something else as well (better security).

Final note: Windows SBS2008 cannot be used as a default gateway any more. Probably because Microsoft wants to sell more ISA licenses, but it probably didn't work too well...



Subscribe to Linux