07-02-2009, 11:04 PM   #1
lbennett
Newbie
Join Date: Jul 2009
Posts: 5
Untangle in an SBS2003 network

I would like to block some web pages and log all web access for clients on an SBS2003 network. The SBS2003 server has 2 NICs. From what I can see I can either place a UT Bridge between the server's external NIC and the modem/router or install Re-router on a PC on the LAN side of the server. Can anyone with experience in this environment suggest which is the better way to go? And any gotchas if there are any.

07-02-2009, 11:29 PM   #2
sky-knight
Untangle Ninja
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 8
Posts: 14,698

I think I want to cry... yet another SBS "router" hanging out on the inet where it doesn't belong...

The "best" option is to kill ISA outright, get routing off that server, and put it behind the UT router. I don't care how "secure" something is... you just don't put sensitive commercial data directly on the internet...

But if you want to leave it alone, a bridge install between the SBS's LAN adapter and the main switch is the easy way.
__________________
Rob Sandling, BS:SWE, MCP
Intouch Technology
Phone: 480-272-9889
rob@intouchtechllc.com

UntangleAppliances.com
Phone: 866-794-8879

07-02-2009, 11:38 PM   #3
lbennett
Newbie
Join Date: Jul 2009
Posts: 5

I should have said the internet device is a DSL Modem/Router/Firewall and it is locked down securely. It is not SBS2003 Premium and therefore doesn't have ISA. At the moment all I want to do is block and monitor web access.

07-02-2009, 11:42 PM   #4
sky-knight
Untangle Ninja
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 8
Posts: 14,698

Ahh, then what is the 2nd NIC doing?

If the SBS server is just another machine on the network then the easy way is a UT bridge install between the router and the first switch.

07-02-2009, 11:48 PM   #5
lbennett
Newbie
Join Date: Jul 2009
Posts: 5

In an environment like this I think some people think it is more secure to have two firewalls. SBS2003 Standard has a very basic firewall. I prefer to install SBS2003 Standard with only one NIC.

This is a production network and I don't want to change things just so they can try Untangle. A Re-router on the inside might be best for now.

07-02-2009, 11:51 PM   #6
sky-knight
Untangle Ninja
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 8
Posts: 14,698

Re-router on the "inside" will hack your ARP tables and logically be the bridge just without the rewiring. You're making the change either way, except that the re-router is hilariously unstable and almost guaranteed to fail. You're welcome to try it... but do a look around the forums first.

07-03-2009, 12:29 AM   #7
lbennett
Newbie
Join Date: Jul 2009
Posts: 5

Thanks for your input. Looks like the Bridge between router and first switch is the only reliable way to go. I will have to change the server to single NIC.

07-03-2009, 06:13 AM   #8
girbot
Master Untangler
Join Date: Sep 2008
URLs submitted: 1
Posts: 105

Quote:
Originally Posted by lbennett
Thanks for your input. Looks like the Bridge between router and first switch is the only reliable way to go. I will have to change the server to single NIC.

I went through this in our office environment, and would have to agree with sky.

The bridge install was quick and painless, not had a problem since.

Router-UT-Switch-Sbs(with DHCP)

07-04-2009, 05:45 AM   #9
YeOldeStonecat
Untangle Ninja
Join Date: Aug 2007
Posts: 1,367

Quote:
Originally Posted by lbennett
I should have said the internet device is a DSL Modem/Router/Firewall and it is locked down securely. It is not SBS2003 Premium and therefore doesn't have ISA. At the moment all I want to do is block and monitor web access.

If it's already behind an ISP supplied combo modem/NAT router (gateway appliance)...why is SBS multi-homed if you're not running ISA?

Disable the WAN NIC on SBS, reset the LAN IP of the modem/router to be in the range of your internal network, and re-run the CEICW.

I prefer Untangle to be my only router/firewall on clients' networks....so I usually reconfigure any ISP supplied modem/router to run in pure bridged modem mode only, Untangle gets the public IP on the WAN interface.

07-14-2009, 02:38 PM   #10
jasonemmg
Newbie
Join Date: Jul 2009
Posts: 7
So assistance for new user

I've been looking around for a product that would allow me to monitor Internet activity of all employees in the office. Mostly interested in what web sites are visited throughout the day and be able to block those I determine NON-BUSINESS RELATED SITES!

I also have an SBS 2003. We use a Sonicwall and 3 HP switches.

The set up is as follows:

T1 - router - sonicwall - switch - 2 switches(main network)
|
linksys router
to phone system
on other IP,etc..

My questions... A) I want to reformat then install only untangle on old PC, do I need XP on this PC or untangle only as O/S?
B) Do I connect this PC to the sonicwall or the switch after the sonicwall?

Thank you for answers in advance !
Jason
Closed Thread

All times are GMT -7.