Topic: Separate FW Required?

[Drylouvre]

Hi,

After playing around with SME 7.1.3 for a few days I'm impressed enough to want to use it for our company intranet. I've just purchaed a small Dell server to run it and plan to use it in server/gateway mode, bring our email inhouse and use it for file sharing and web development but leave our main website on our external server. The documentation indicates that I can just plug SME into my modem, configure it and its implementation of iptables will be sufficient for security but I read in many places in the forum that a FW (smoothwall, IPCOP etc) is recommended in front of SME. What is the best course of action in this case? I have an old PC that I could use and I also have a Linksys router that has an SPI FW. If it is best to use a FW in front of SME I'm guessing that I just have to open port 25 inbound. Is this right or am I worrying myself unnecessarily?

Cheers

Dry

[dmay]

That is a decision for you to make. It is usually based on three factors:

1) level of acceptable security risk
2) specific firewall features you require
3) $$$ budget

The end result is typically two choices:

SME meets your acceptable level of security risk. Offers all the firewall features you need. Meets your budget. So you deploy in server-gateway mode acting as your firewall.

-or-

SME fails to meet #1 or #2 above so is deployed behind one or more perimeter firewall devices that do.

Darrell

[Strangelite]

I use an IPcop box as the FW and the SME server for mail and shared drives - this is mainly becuase I like the FW seperate [and i've be using IPcop since for ever], you can use both if you wish.

[Boris]

Firewall included with SME is secure, but very basic. It is sufficient in most cases.
The only need for separate FW is requirements for an advanced features like multi IP alias, Multiple DMZs, complicated routing etc.. or if you planning to rebuild, restart your development SME server often and need to keep you Internet access uninterrupted.