In some cases a UNIX box or Cisco firewall is not an option. I had to deal with a satellite ISP, where only a Windows box can be connected to the Internet.
Kerio makes a firewall product which is free for personal use.
http://www.kerio.com/us/kpf_download.html
I'm not sure how good it is compared to other Windows firewalls, but it's free for personal use.

Alex.

-----Original Message-----
From: Mark S. Searle [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 07, 2003 9:14 AM
To: H C; Rick Darsey; [EMAIL PROTECTED]
Subject: RE: win2k firewall

I would purchase an inexpensive firewall, say a PIX 506 or something from eBay and take the need for a software-based firewall away from the web server. This would impact performance anyway and slow things down if you have a high hit volume.

I would address the server privately and carry out NAT on the PIX to a public global address. In addition I would only open ports 80 (http) and 443 (https) and make sure that there are no static entries in the PIX for the internal network. This will prevent the web server from being used as a hop point into the Internet. The web server should be placed in a DMZ with a lower security rating than the LAN.

Hopefully this will maintain good server performance and represent a reasonably cost-effective solution.
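
The policy in the quoted message (only ports 80 and 443 open inbound, no static entries for the internal network, DMZ at a lower security level than the LAN) can be checked mechanically against a firewall configuration. The following Python check is an added example, not part of either message; it audits PIX 6.x-style lines, and the sample configuration, the addresses, the interface names outside/inside/dmz, the ACL name and a unit with a third interface are all assumptions.

```python
ALLOWED_PORTS = {"80", "443", "www", "https"}  # policy: http and https only

# Constructed sample (not from the thread); documentation/private addresses.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
static (dmz,outside) 192.0.2.10 172.16.1.10 netmask 255.255.255.255
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.255.0
access-list acl_out permit tcp any host 192.0.2.10 eq www
access-list acl_out permit tcp any host 192.0.2.10 eq 443
access-list acl_out permit tcp any host 192.0.2.10 eq 3389
access-group acl_out in interface outside
"""

def audit(config):
    """Return (rule, detail) findings where config departs from the policy."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    levels, outside_acls, findings = {}, set(), []
    # First pass: interface security levels and ACLs bound to the outside interface.
    for t in lines:
        if t[0] == "nameif" and len(t) == 4:
            levels[t[2]] = int(t[3].replace("security", ""))
        elif t[0] == "access-group" and t[-1] == "outside":
            outside_acls.add(t[1])
    for t in lines:
        text = " ".join(t)
        if t[0] == "static" and len(t) > 1:
            # "static (real_if,mapped_if) ...": flag translations of inside hosts.
            if t[1].strip("()").split(",")[0] == "inside":
                findings.append(("static-exposes-inside", text))
        elif t[0] == "access-list" and len(t) > 3 and t[1] in outside_acls and t[2] == "permit":
            # Destination port is the last token when the line ends in "eq <port>".
            port = t[-1] if t[-2] == "eq" else None
            if t[3] != "tcp" or port not in ALLOWED_PORTS:
                findings.append(("unexpected-inbound-permit", text))
    # The DMZ must carry a lower security level than the LAN.
    if "dmz" in levels and "inside" in levels and levels["dmz"] >= levels["inside"]:
        findings.append(("dmz-not-lower-than-inside",
                         f"dmz={levels['dmz']} inside={levels['inside']}"))
    return findings

if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_CONFIG):
        print(f"{rule}: {detail}")
```

On the constructed sample it reports the static entry for the inside network and the permit for port 3389, and nothing for the www and 443 rules.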