
I have two servers in the datacenter.

FreeBSD <--> Windows Server

FreeBSD is configured as a gateway for Windows Server.

Which is best:

  1. FreeBSD has only the firewall. All services are on the Win Server machine (e.g. firewall on FreeBSD; mail and web server on Windows Server)

  2. Services are on both servers (e.g. mail/firewall on FreeBSD, web server on WinServer)

schroeder

1 Answer


As a general rule of thumb, running other services on security-related devices such as firewalls should be kept to a minimum. In other words, a firewall should ideally only be a firewall, and nothing else. The more services you run, the more likely one of them will contain a vulnerability that can allow an attacker to take over the machine. If that machine happens to be a firewall, it will make it much easier to compromise the rest of the network.

tlng05
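
One way to check that the FreeBSD gateway actually runs nothing beyond the firewall, as an added example that is not part of the original answer: the script below filters `sockstat -4 -6 -l` output against an allowlist and reports every other listener. The allowlist (sshd on TCP 22 for administration) and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list listeners on the gateway that are not on an allowlist.
# Assumption: the only service the firewall host should expose is sshd on TCP 22.
ALLOWED="sshd:tcp:22"          # space-separated command:proto:port entries

# Constructed sample in the column layout of `sockstat -4 -6 -l`.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       823   3  tcp6   *:22                  *:*
root     sshd       823   4  tcp4   *:22                  *:*
root     sendmail   700   3  tcp4   127.0.0.1:25          *:*
www      nginx      912   6  tcp4   *:80                  *:*
root     syslogd    600   6  udp4   *:514                 *:*
EOF
}

# Reads sockstat output on stdin and prints "scope command proto address"
# for every listener not in ALLOWED. scope is "local" for loopback-bound
# sockets and "exposed" for everything else.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "USER" { next }                      # header row
    NF >= 6 {
        cmd = $2; proto = $5; addr = $6
        sub(/[46]+$/, "", proto)               # tcp4/tcp6 -> tcp
        port = addr; sub(/^.*:/, "", port)     # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)  # text before the last colon
        key = cmd ":" proto ":" port
        if (key in ok) next
        scope = (host == "127.0.0.1" || host == "::1") ? "local" : "exposed"
        print scope, cmd, proto, addr
    }' | sort -u
}

# On the gateway itself: sockstat -4 -6 -l | unexpected_listeners
sample_sockstat | unexpected_listeners
```

It uses only `sh`, `awk` and `sort` from the FreeBSD base system, so the audit itself adds no software to the firewall host.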