Windows 10: Recommendation for HW or SW firewall

Hello experts, I'd like to get a recommendation or an advice regarding the use of HW or SW firewall solution. I have set up a web server on one of the computers on the local network. For example, IP address of this computer is 192.168.1.10. On this LAN there are about 20 computers and all of them can have access to this particular web server computer (WSC) in a sense that each user can open web browser and type 192.168.1.10:8000 to open a web content with some information. This WSC has two NICs and is connected to two different networks. It fetches data from one network and present it ot the other network (LAN) via web form. The only way computers on LAN 192.168.1.xxx can see the data should be to open a web page via http request. Now I need a firewall to restrict any kind of access to this WSC computer except through http protocol. So I need that only 192.168.1.10:8000 can pass through, all other means of access should be blocked. It would be ideal for me to buy some kind of simple HW device firewall and to put it between WSC computer and the rest of the LAN network. This device would let through only http request to this computer. Of course if there are software solution, that can work also. OS on all computers is Windows version is 10, 64 bit. Thank you.

:)

 

Recommendation for HW or SW firewall

Hello experts,

I'd like to get a recommendation or an advice regarding the use of HW or SW firewall solution.

I have set up a web server on one of the computers on the local network. For example, IP address of this computer is 192.168.1.10.
On this LAN there are about 20 computers and all of them can have access to this particular web server computer (WSC) in a sense that each user can open web browser and type 192.168.1.10:8000 to open a web content with some information.
This WSC has two NICs and is connected to two different networks. It fetches data from one network and present it ot the other network (LAN) via web form. The only way computers on LAN 192.168.1.xxx can see the data should be to open a web page via http request.

Now I need a firewall to restrict any kind of access to this WSC computer except through http protocol. So I need that only 192.168.1.10:8000 can pass through, all other means of access should be blocked.
It would be ideal for me to buy some kind of simple HW device firewall and to put it between WSC computer and the rest of the LAN network. This device would let through only http request to this computer.

Of course if there are software solution, that can work also.
OS on all computers is Windows version is 10, 64 bit.


Thank you.

 

Recommendation for HW or SW firewall

Nice explanation and you said all computers are running Windows, I assume that also includes server machine?

And I assume only 192.168.1.10 network (and the server machine) have access to internet...
That means there is some gateway device to internet and all computers on 192.168.1.10 including your server box (with only one NIC) are connected to that gateway?

That means you already have HW firewall which is likely your gateway device and it's purpose is blocking outside world.
Also, if so, this is easy solvable by defining firewall on you server, block everything, allowing only port 8000 to anyone.

Problem is remote access, you can allow remoting to server by defining separate firewall rule for that, but, anyone who remotes into server can bypass your firewall regardless if it's HW or SW.

Firewall will make you safe as long as those who remote into server are those you trust, because remoting most likely requires logon to privileged account on server machine.

Another less clear point is your web server, I understand that port 8000 is used to access data from "industrial network" which is hosted by server machine on demand, but what about outside world (on the internet)?
What port do you open for them to access your web service? and, is information from "industrial network" supposed to be available to outside world as well?

If not, then you need yet another firewall rule separate from others, that means a minimum of 3 inbound rules:
1. LAN to port 8000
2. Internet to WWW service
3. LAN to remoting service

Your firewall rules must be specific to NIC and must specify both local and remote address at a minimum.
Your server box if it is Windows server, has Windows firewall already there and you can configure it in GPO.

I assume you know how to configure Windows firewall on server?
Having additional hardware firewall between gateway and LAN toward your server computer can add additional layer to safety but is not really needed.

 

Recommendation for HW or SW firewall

you should not blame your server computer for letting other LAN members use it directly, it's your router that told them to go that route.

Any HW firewall will do but your server will no longer be on same segment.

Otherwise if you just want to block LAN to your server define new rule in Windows firewall with the following properties:
Code: