InJoy Firewall for Windows 2003 Server
benster
2004-12-20, 05:53 AM
I'm totally new to dedicated servers, but I've been able to find a bunch of helpful tips from the forum to get me started.
I've been doing a lot of research on the forums for the best 3rd party firewall solution for Windows 2003 Server standard. Seems like people are having mixed experiences (good and bad) with Sygate, NTKernel, Tiny, and VisNetic.
I'm leaning towards Deerfield's VisNetic, but I did some more research on the internet and found yet another solution, InJoy Firewall for Windows http://www.fx.dk/firewall/windows.html.
Does anyone have any experience with F/X Communications' InJoy Firewall product?
GaryK
2004-12-20, 08:27 AM
Welcome to SB. I can't answer your question directly, but I went through the same thing you did and after some research and testing I wound up buying Kerio Server Firewall and haven't regretted it for a minute. It's easy to manage, has a built in intrusion detection/prevention system, and application hardening. You can download it and try it for 30 days. Best of luck to you.
~gary.
benster
2004-12-20, 11:49 AM
Thank you GaryK for your reply. The Kerio Server Firewall price is a bit steep at $599.
Do you know what the main differences are between the host-based software firewall and the software firewall (Kerio vs. VisNetic)? Deerfield doesn't seem to do a good job of explaining the difference between the two. Why would I want to shell out a few hundred dollars more?
cmurphy54
2004-12-20, 14:05 PM
A software based firewall runs on a computer and performs your typical firewall functions.
A host-based software firewall runs on the computer which is hosting your application and is designed to allow only access to the allowed applications.
The primary difference on this level as it relates to Kerio vs. VisNetic is that Kerio can allow access on a thread level, whereas VisNetic can only allow access on a port/protocol level. (If you use ZoneAlarm, that's a host-based firewall because it allows/disallows based on the application attempting access).
Consider this scenario. Your web server is IIS and you want to allow it to act as a server on your computer. With VisNetic, you'd open up port 80 and allow HTTP packets through. But now imagine that some hacker hacked into your computer, disabled IIS and installed Apache (another web server) also listening on port 80. VisNetic would allow Apache to serve pages since it uses port 80 and HTTP (which you opened for IIS). With Kerio, instead of just opening port 80 for HTTP traffic you could have been more specific and said, IIS can listen on port 80 for HTTP traffic, in which case, in the scenario above, Apache would not be able to serve pages if it were installed in IIS's place. Disregarding the strangeness of why a hacker would install Apache on your server, does that make sense?
Kerio also offers more advanced intrusion prevention features as well as an application hardening capability that purports to prevent buffer overflow attacks, etc.
VisNetic is best suited to run as a perimeter firewall (meaning it runs on a dedicated box that is just a firewall between the internet and your application servers), whereas Kerio is specifically designed to run on the same system that is hosting applications. That isn't to say you couldn't/shouldn't run VisNetic on your application server, it just means that Kerio has more features to protect such systems.
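The IIS/Apache scenario from the post above, as an added example that is not part of the original thread and not either vendor's rule engine: a simplified default-deny model comparing a port/protocol rule with a rule bound to one executable. The executable paths, class names and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Listener:
    """A process accepting inbound connections (constructed sample data)."""
    exe: str    # full path of the listening executable
    proto: str
    port: int


@dataclass(frozen=True)
class Rule:
    proto: str
    port: int
    exe: Optional[str] = None  # None: port/protocol rule; a path: application-bound rule

    def permits(self, listener: Listener) -> bool:
        if (listener.proto, listener.port) != (self.proto, self.port):
            return False
        # Windows paths are case-insensitive, so compare case-folded.
        return self.exe is None or self.exe.casefold() == listener.exe.casefold()


def exposed(rules: List[Rule], listeners: List[Listener]) -> List[Listener]:
    """Default deny: a listener is reachable only if some rule permits it."""
    return [l for l in listeners if any(r.permits(l) for r in rules)]


# Constructed placeholder paths, not real install locations.
IIS = Listener(r"C:\placeholder\iis\webserver.exe", "tcp", 80)
APACHE = Listener(r"C:\placeholder\apache\bin\apache.exe", "tcp", 80)

PORT_POLICY = [Rule("tcp", 80)]               # "open port 80 for HTTP"
APP_POLICY = [Rule("tcp", 80, exe=IIS.exe)]   # "IIS can listen on port 80"

if __name__ == "__main__":
    for name, policy in (("port/protocol", PORT_POLICY), ("application", APP_POLICY)):
        for who in (IIS, APACHE):
            verdict = "allowed" if exposed(policy, [who]) else "blocked"
            print(f"{name:14} {who.exe:40} {verdict}")
```

A rule that matches only on the executable path says nothing about whether the file at that path is still the original binary.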