Solved

Stateful Firewall- Windows XP Firewall vs. Cisco VPN client Stateful Firewall

Posted on 2006-06-14
2
464 Views
Last Modified: 2013-12-04
Is the Windows Firewall a sufficient replacement for the Cisco VPN v4.6x Stateful Firewall (Always On) feature?  
For our WinXP clients, in the past, we enabled the Cisco VPN Stateful Firewall whenever the client came up not connected to our internal network (a utility we created checked to see if it was on the inside at Windows Startup).

With WinXP SP2 and its firewall, is there any reason to maintain this Cisco VPN client’s Stateful Firewall enabled? Note that the Cisco SF enabled packet filtering whether or not the client is connected through VPN – so if they were at home, but not VPN’d into our network it still did its thing.

I read that the Windows XP firewall also does Stateful Packet filtering.  Is this true?  Can we safely turn off our Cisco SF?  

Thanks,
<> Bailey
0
Comment
Question by:baileyk9
2 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 200 total points
ID: 16906016
Yes, you can turn off the cisco SF, and XP's is stateful. Stateful is a fancy word for "remembering connection status".  http://en.wikipedia.org/wiki/Stateful_firewall
There can be problems if running two or more firewalls at once also, if one has more restrictive or differnt blocks in place, you have to look at both to find out what to change, basically overlap. You also are consuming system resorces and inviting BSOD's from having two programs acting on the same packets, perhaps in conflicting ways.
The XP Pro firewall is a sufficient firewall to keep out connections that are not initiated from the XP machine. There are firewalls like ZoneAlarm that also protect outgoing connections, pausing, allowing or denying programs to access the NIC\
http://en.wikipedia.org/wiki/Zone_Alarm
Windows firewall currently doesn't allow you to use such "egress" filtering of port's, and it's filtering of programs (xp's) is flawed, as you can rename an exe and it by-passes that restriction... ZA makes a hash/checksum of the exe and uses that to check for access, not just a simple file name.
-rich
0
 

Author Comment

by:baileyk9
ID: 16935746
richrumble,
thanks for the input.  I was hoping to confirm my opinion on this, which you did.
But you also provided some additional valuable information, and rapidly as well.
appreciate the effort.

regards,
Bailey

(I was out on vacation, so just getting to closing this out)
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What is S-1-5-90-2? 16 312
Windows 2012 session collection security. 2 73
ransomware and redirected folders 9 95
deny local logon 12 78
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
OfficeMate Freezes on login or does not load after login credentials are input.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now