I would recommend: A) Losing the Windows server and switching to Splat. No, I'm not a Linux guru, I'm a Windows admin, but frankly I find the constant patching of Windows to be a royal pain. Life got so much better with my firewall when I installed splat. And you still have a GUI management interface.
B) Separate the DNS servers from the firewall. A firewall should be a firewall, and that's it. DNS belongs on its own in a DMZ, preferably on a hardened system also like a prebuilt virtual appliance?

Regards
Brian

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of FW-1-MAILINGLIST automatic digest system
Sent: Wednesday, June 03, 2009 12:01 AM
To: [email protected]
Subject: FW-1-MAILINGLIST Digest - 28 May 2009 to 2 Jun 2009 (#2009-92)

There is 1 message totalling 40 lines in this issue.

Topics of the day:
1. Windows 2003/R65 OS patch management

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================

----------------------------------------------------------------------

Date: Wed, 3 Jun 2009 06:13:10 +0300
From: a bv <[email protected]>
Subject: Windows 2003/R65 OS patch management

Hi,

I have 2 hardware units, on both of which Windows 2003 Server and R65 are installed. Also, DNS servers on both systems are working to host the company's domains. For a long time the main firewall has been working online. But this weekend I need to make the backup fw the same as the main one. I have exported the CP configuration and imported it to the backup one; that's OK. But I also need to check the DNS entries and the patch of the OS itself. So, for this time and generally, what do you offer for the patch management of the OS the firewall is running on?

Regards

Scanned by Check Point Total Security Gateway.
