Solved

Windows Firewall

Posted on 2006-07-05
8
344 Views
Last Modified: 2012-05-05
When I first installed SBS 2003, Windows Firewall was running. For some reason after applying Windows updates and getting up to the stage where the server is ready to go, I get the following message when trying to start the Windows Firewall service:

"Windows Firewall cannot run because the Windows Firewall/Internet Connection Sharing (ICS) service is not running."

Any ideas? Isn't it a bit risky having the firewall disabled?

Thanks in advance.
0
Comment
Question by:DReade83
  • 3
  • 2
  • 2
8 Comments
 
LVL 7

Expert Comment

by:puter_geek
ID: 17046769
It is VERY risky, and definitely not recommended if you have it connected directly to the internet.  If you have a router, or hardware firewall of some sort, then it's not so bad at all. You just have to have something there.  

Personally, on my server, I don't have it running, but I also have a Linksys router between it and the world.  I forwarded the ports I needed through the router and that was it.  80, 21, 3389, ect.
0
 

Author Comment

by:DReade83
ID: 17046861
Ah right, that's what I have, a hardware firewall/router with port forwarding setup.

Any idea why Windows disables it?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17050295
Hi DReade83,

Did you happen to run the Security Configuration Wizard?  Because the Windows Firewall should NOT be installed or running on an SBS.  If you have SBS Standard, RRAS will act as your firewall if you have two NICs (you should also have a hardware firewall in front of your server such as puter_geek suggested.

You configure all of this with the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email)

A visual how-to is here:  http://sbsurl.com/ceicw and a full networking overview for SBS is at http://sbsurl.com/msicw

Jeff
TechSoEasy
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 7

Expert Comment

by:puter_geek
ID: 17075356
Because since you only have one network connection, it automatically disables it.  Part way through the install it asks you if it is connected through the internet through a residential gateway, so it knows that it doesn't need it and disables it.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17077532
Has nothing to do with having one Internet connection... you're thinking of RRAS's firewall...  which would be disabled with a single NIC, not because it doesn't need it, but because it won't work with only one interface.  

However, the question is regarding the ICS Firewall... the Windows internal software firewall... which shouldn't be enabled at all on an SBS.

Jeff
TechSoEasy
0
 

Author Comment

by:DReade83
ID: 17077727
Could you explain why please Jeff? I'm just curious why SBS disables it.

Thanks.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17077827
SBS has full versions of Windows Server 2003, Exchange Server, IIS, Active Directory, DNS and DHCP.  As well as ISA Server and SQL Server (if premium).  Becuase these are full versions, they have all the features you'd find in the standard products.  However, because SBS has all of these things operating on the same machine there are a number of things that you wouldn't use even though they haven't been taken out.  The ICS Firewall is one of those.  

It also shouldn't be used on any Server 2003 that is a DC or provides DHCP.

Please review http://support.microsoft.com/kb/324286 for more info and which includes this statement:

• Do not use ICS on a network that:

• Uses static IP addresses
• Has a Windows Server 2003 domain controller
• Uses other DNS servers, gateways, or DHCP servers
 
Jeff
TechSoEasy
0

Featured Post

ScreenConnect 6.0 Free Trial

Check out the updates in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI that improves session organization and overall user experience. See the enhancements for yourself!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question