
Stateful Firewall- Windows XP Firewall vs. Cisco VPN client Stateful Firewall

Posted on 2006-06-14
Last Modified: 2013-12-04
Is the Windows Firewall a sufficient replacement for the Cisco VPN v4.6x Stateful Firewall (Always On) feature?  
For our WinXP clients, in the past, we enabled the Cisco VPN Stateful Firewall whenever the client came up not connected to our internal network (a utility we created checked to see if it was on the inside at Windows Startup).

With WinXP SP2 and its firewall, is there any reason to maintain this Cisco VPN client’s Stateful Firewall enabled? Note that the Cisco SF enabled packet filtering whether or not the client is connected through VPN – so if they were at home, but not VPN’d into our network it still did its thing.

I read that the Windows XP firewall also does Stateful Packet filtering.  Is this true?  Can we safely turn off our Cisco SF?  

Thanks,
Bailey
Question by:baileyk9
2 Comments
 
Accepted Solution

by:
Rich Rumble earned 800 total points
ID: 16906016
Yes, you can turn off the Cisco SF, and XP's is stateful. Stateful is a fancy word for "remembering connection status". http://en.wikipedia.org/wiki/Stateful_firewall
There can also be problems if running two or more firewalls at once: if one has more restrictive or different blocks in place, you have to look at both to find out what to change, basically overlap. You are also consuming system resources and inviting BSODs from having two programs acting on the same packets, perhaps in conflicting ways.
The XP Pro firewall is a sufficient firewall to keep out connections that are not initiated from the XP machine. There are firewalls like ZoneAlarm that also protect outgoing connections, pausing, allowing or denying programs to access the NIC.
http://en.wikipedia.org/wiki/Zone_Alarm
Windows Firewall currently doesn't allow you to use such "egress" filtering of ports, and its filtering of programs (XP's) is flawed, as you can rename an exe and it bypasses that restriction... ZA makes a hash/checksum of the exe and uses that to check for access, not just a simple file name.
-rich
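The "remembering connection status" behaviour described in the answer above, as an added example that is not part of the original thread or of either product's code: a minimal connection table that lets inbound packets through only when they are replies to a flow the host opened. The class and field names, the 60-second idle timeout and the sample addresses are all constructed for illustration.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 60.0  # seconds; assumed value for this sketch

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool   # True when the packet leaves the protected host
    flags: str = ""  # TCP flags, e.g. "S", "SA", "A", "R"

@dataclass
class StatefulFilter:
    table: dict = field(default_factory=dict)  # flow tuple -> last-seen time

    def check(self, pkt: Packet, now: float) -> str:
        # Expire idle flows so a stale entry cannot admit late inbound traffic.
        self.table = {k: t for k, t in self.table.items()
                      if now - t <= IDLE_TIMEOUT}
        if pkt.outbound:
            # No egress filtering, as the answer describes for the XP firewall:
            # outbound is always allowed and only recorded (or torn down on RST).
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "R" in pkt.flags:
                self.table.pop(key, None)
            else:
                self.table[key] = now
            return "allow"
        # Inbound is accepted only as the exact reverse of a tracked flow.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.table:
            return "drop"
        if "R" in pkt.flags:
            del self.table[key]
        else:
            self.table[key] = now
        return "allow"

def demo():
    """Run constructed sample packets through the filter; return the verdicts."""
    fw = StatefulFilter()
    host, web, other = "192.0.2.10", "198.51.100.5", "203.0.113.9"
    return [
        fw.check(Packet(host, 50000, web, 443, True, "S"), 0.0),    # host opens flow
        fw.check(Packet(web, 443, host, 50000, False, "SA"), 0.1),  # matching reply
        fw.check(Packet(other, 4444, host, 445, False, "S"), 0.2),  # unsolicited
        fw.check(Packet(web, 443, host, 50001, False, "SA"), 0.3),  # wrong port
        fw.check(Packet(web, 443, host, 50000, False, "A"), 120.0), # state expired
    ]
```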
 

Author Comment

by:baileyk9
ID: 16935746
richrumble,
Thanks for the input.  I was hoping to confirm my opinion on this, which you did.
But you also provided some additional valuable information, and rapidly as well.
Appreciate the effort.

Regards,
Bailey

(I was out on vacation, so just getting to closing this out)