Recommended Firewall for W2K Server?

  Gaz W 19:20 18 Jul 04

I have been using Zone Alarm (freeware version) for 2 years on my Windows 2000 Server, but after loads of problems with it (interfering with DHCP/DNS and causing all sorts) I had been considering a change. The final straw was when I downloaded the latest update and it said:

"This Zone Labs product is not intended to protect server operating systems. This may affect our ability to support you. Do you want to proceed with installation?".

I would have clicked Yes, but I thought that if it now detects my OS, it will probably prevent me from receiving future updates anyway.

I realise that the freeware version was never intended for servers anyway, but it has been protecting my network for 2 years - maybe too well!

Obviously I am going to need a good firewall, preferably free or at least very cheap (or dare I say it downloadable and update-able without me having to pay for it until I've tried it - without it being a trial version that probably won't update).

Any suggestions?

  MichelleC 19:27 18 Jul 04

Had probs with ZA ages ago and tried Kerio free and never any probs click here so maybe worth a try for server.

  Gaz W 19:38 18 Jul 04

Thanks MichelleC - I'll give it a try.

One thing though - I'm assuming I'll need to get ZoneAlarm off before installing Kerio. I can download it still using ZoneAlarm, but there's going to be a long time where I am connected to the net without a firewall, unless it'd be OK for me to switch off my net connection while it's uninstalling & installing the new one.

I remember when I did ZoneAlarm it wouldn't let me connect to the net and the only way around it was to install with the internet connection on, but this meant I got a virus!

Anyway I'll try and sort something out - just wondering if you knew if it'd allow me to have my net connection off!

  MichelleC 19:46 18 Jul 04

Disconnect from net and once ZA is uninstalled it's best to reboot 1st then install Kerio. When it's guard comes up I click ok's and let it do it's own filtering. It'll ask ok for all progs traffic.

  Gaz W 19:51 18 Jul 04

Is this version 2 or 4? I've just looked at the comparison chart and it says version 2 runs on a Windows server OS but has been discontinued, and both version 4 (free and full versions) don't run on a Windows server OS. Whether this is strictly true or whether it's just like ZoneAlarm was (i.e. it will still work) I don't know.

Are you running W2K server?

  Gaz W 21:59 18 Jul 04

Tried installing Kerio but it won't install on W2K server, which is unfortunate. Anyway, thanks for the suggestion MichelleC.

Anyone know of another firewall - free or otherwise - that I can use?

  oglemire 22:17 18 Jul 04

I would recomend a hardware device for a network, that way you will be protected from the public domain without interfering with normal network communication , for DHCP and DNS to function you will need to open port 53 88 and 89 on ZA (if your using a version that gives you that level of control) ... I use Vigor 2600 devices.. adsl router, good price / vpn endpoint and passthrough.

  Gaz W 01:10 19 Jul 04

I had considered a hardware firewall, and it did cross my mind that I could build one and have a separate web server and primary domain controller, but I think, for now certainly, I'll stick with a software firewall.

As for opening ports, I'll have a look in ZoneAlarm and see if there's any way I can do that.

What I have just done in ZA is run the network without the internet connection on and just allowed everything that came up, which is basically what I did last time.

Anyway, thanks for your suggestions and I'll let you know what happens in the next few minutes.


  Gaz W 01:42 19 Jul 04

It seems that ZoneAlarm, or at least the free version I have, does not allow me to open ports manually. It has allowed connections for port 53 but I can't see any mention of the other ports you mentioned.

I'm going to leave it overnight and see if it blocks any more; there are a few DNS things that have been blocked but this might have been before I checked the box to allow DNS/DHCP on the trusted zones.

I also have the option to allow DNS/DHCP on internet zones, but wasn't sure if this was a good idea so I left it.

The outcome so far is that IF I can get ZoneAlarm to behave itself and only block what it's supposed to I might stick with it as it still WORKS on W2K server.

  Chegs ® 06:58 19 Jul 04

click here

Loads of info here,I was looking for a page I viewed recently with a huge list of firewalls,all d/l and including a review of each,but couldn't find the page(Its been bookmarked but cannot find it now as I have several browsers)

  Gaz W 22:45 20 Jul 04

Thanks for that link Chegs ®.

At the moment I've not found anything though...

The problem with most of them is that if they are personal firewalls they won't work on 2K server. Norton won't work I don't think - it might but there's probably a Symantec firewall for that, like there is with Norton/Symantec Ghost.

This thread is now locked and can not be replied to.

Huawei P10 review

1995-2015: How technology has changed the world in 20 years

An overview: What leading creative agencies are doing to improve diversity

New iPad, iPhone SE & Red iPhone 7 on sale now