I would agree with switching to splat; it is by far a lot easier to manage than Windows servers. Also, I never ran any DNS on any firewall; that is allowing a lot of access to a firewall and I would consider that a huge security risk. My opinion only.
Plus DNS would be a drain on resources, and any firewall needs all the resources it can get. Putting DNS on a hardened device is a great idea. There are cheaper ones that you could explore, but you already have a pair of Windows boxes, so buy some good servers of your choice and throw splat on them; it is very easy to learn, easy to install, etc. Just make sure it is on the compatibility list, slide the old firewall over to the DMZ for DNS, and you might find that it runs a lot smoother with better performance.

----- Original Message ----
From: Brian Gardner <[email protected]>
To: [email protected]
Sent: Thursday, June 4, 2009 11:10:40 AM
Subject: Re: [FW-1] FW-1-MAILINGLIST Digest - 28 May 2009 to 2 Jun 2009 (#2009-92)

I would recommend:

A) Losing the Windows server and switching to Splat. No, I'm not a Linux guru, I'm a Windows admin, but frankly I find the constant patching of Windows to be a royal pain. Life got so much better with my firewall when I installed splat. And you still have a GUI management interface.

B) Separate the DNS servers from the firewall. A firewall should be a firewall, and that's it. DNS belongs on its own in a DMZ, preferably on a hardened system also, like a prebuilt virtual appliance?

Regards
Brian

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of FW-1-MAILINGLIST automatic digest system
Sent: Wednesday, June 03, 2009 12:01 AM
To: [email protected]
Subject: FW-1-MAILINGLIST Digest - 28 May 2009 to 2 Jun 2009 (#2009-92)

There is 1 message totalling 40 lines in this issue.

Topics of the day:

1. Windows 2003/R65 OS patch management

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

----------------------------------------------------------------------

Date: Wed, 3 Jun 2009 06:13:10 +0300
From: a bv <[email protected]>
Subject: Windows 2003/R65 OS patch management

Hi,

I have 2 pieces of hardware, on both of which Windows 2003 Server and R65 are installed. Also, a DNS server is running on both systems to host the company's domains. The main firewall has been working online for a long time. But this weekend I need to make the backup fw the same as the main one. I have exported the CP configuration and imported it to the backup one; that's OK. But I also need to check the DNS entries and the patch level of the OS itself. So, for this time and generally, what do you offer for patch management of the OS the firewall is running on?

Regards

Scanned by Check Point Total Security Gateway.

------------------------------

End of FW-1-MAILINGLIST Digest - 28 May 2009 to 2 Jun 2009 (#2009-92)
*********************************************************************
