Solved

Stateful Firewall- Windows XP Firewall vs. Cisco VPN client Stateful Firewall

Posted on 2006-06-14
2
479 Views
Last Modified: 2013-12-04
Is the Windows Firewall a sufficient replacement for the Cisco VPN v4.6x Stateful Firewall (Always On) feature?  
For our WinXP clients, in the past, we enabled the Cisco VPN Stateful Firewall whenever the client came up not connected to our internal network (a utility we created checked to see if it was on the inside at Windows Startup).

With WinXP SP2 and its firewall, is there any reason to maintain this Cisco VPN client’s Stateful Firewall enabled? Note that the Cisco SF enabled packet filtering whether or not the client is connected through VPN – so if they were at home, but not VPN’d into our network it still did its thing.

I read that the Windows XP firewall also does Stateful Packet filtering.  Is this true?  Can we safely turn off our Cisco SF?  

Thanks,
<> Bailey
0
Comment
Question by:baileyk9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 200 total points
ID: 16906016
Yes, you can turn off the cisco SF, and XP's is stateful. Stateful is a fancy word for "remembering connection status".  http://en.wikipedia.org/wiki/Stateful_firewall
There can be problems if running two or more firewalls at once also, if one has more restrictive or differnt blocks in place, you have to look at both to find out what to change, basically overlap. You also are consuming system resorces and inviting BSOD's from having two programs acting on the same packets, perhaps in conflicting ways.
The XP Pro firewall is a sufficient firewall to keep out connections that are not initiated from the XP machine. There are firewalls like ZoneAlarm that also protect outgoing connections, pausing, allowing or denying programs to access the NIC\
http://en.wikipedia.org/wiki/Zone_Alarm
Windows firewall currently doesn't allow you to use such "egress" filtering of port's, and it's filtering of programs (xp's) is flawed, as you can rename an exe and it by-passes that restriction... ZA makes a hash/checksum of the exe and uses that to check for access, not just a simple file name.
-rich
0
 

Author Comment

by:baileyk9
ID: 16935746
richrumble,
thanks for the input.  I was hoping to confirm my opinion on this, which you did.
But you also provided some additional valuable information, and rapidly as well.
appreciate the effort.

regards,
Bailey

(I was out on vacation, so just getting to closing this out)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question