I am going to be evaluating a new firewall to replace my existing ISA Server 2006 Standard and I have a concern about its required configuration.
I have an AD network at current functional level of 2003 with one Windows Server 2003r2 DC, and one Windows Server 2008r2 DC both acting as DNS servers. The 2008r2 DC is also a DHCP server and the 2003r2 is a WINS server. ISA Server is a caching only DNS server. ISA is configured to allow client to site VPN, obviously relaying requests for addresses to the 2008r2 DHCP server.
The new firewall I am considering is a Barracuda X300. It can function as a DHCP server, and since it does not currently support DHCP relay would pretty much have to server as my DHCP server if I wanted to allow VPN access with dynamic address assignment.
Question is, do I want that? And would I then remove the DHCP service from my 2008r2 server? I will gladly consider other firewall options.
A side question, this firewall can also act as an authoritative DNS server, or simple cache DNS requests. I'm pretty sure I don't want it to act as an authoritative DNS server, am I right to think this?
Thanks
Manning
