Question : Firewall/Proxy

We are considering upgrading to Small Business Server.  It has proxy, which I am gathering it is a firewall. I am looking to implement a network security solution. Can some clear up for me what is the difference between Proxy and a hardware firewall. and suggest which will be a better choice. Let me give you a breakdown of what we have.

1  Win 2k server with exchange 2k
10 Win 2k pro
2  Win 98

We use outlook Web Access.  
We do not host web, ftp or any thing else.

Should we 1st invest in a server and put Exchange on it, and still give it a public IP so we can access OWA ( OWA is accessed through dynamic ISP IPs). Then install the DC on an internal IP to protect data.  

Or should we just go ahead and invest in Small Business Server, and Proxy will do the job.


Our goal is to protect data, while allowing OWA, and Terminal server capabilities (administrative for now and possibly applications in the near future).

Answer : Firewall/Proxy

from the standpoint of internally sourced requests, the functional differences between a proxy and firewall are as follows....

[proxy]
a proxy will act on behalf of the client...
  - ie. a client makes request to proxy, proxy makes outbound request, proxy returns results to client.

there is generally a secondary protocol or application protocol extension that is used for secure transmission between the client and the proxy (and possibly the proxy and the next proxy,...,...)

[firewalls]

a firewall will forward/route/[translate] packets...
  - ie. client makes outbound request, traffic flows through firewall's inbound and outbound tcp/ip stack where each packet is subject to the rules, if the traffic is allowed then the firewall will forward the traffic to the next hop.  when response traffic comes back this process is in reverse.

this can be hardware -or- software.
  - [hardware] shasta, nokia ip*** (which really runs checkpoint, so it's a toss-up)
  - [software] ipfw/ipfilter/checkpoint/etc.

[which one's better?]
depends on organizational structure, size, and the support availability for each of the options being evaluated both internally and from the vendor.  while it's a general consensus that proxys provide more security (in the form of application-level security, instead of network-level security), i'm personally a fan of firewalls.