Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Windows Firewall

Posted on 2006-07-05
8
353 Views
Last Modified: 2012-05-05
When I first installed SBS 2003, Windows Firewall was running. For some reason after applying Windows updates and getting up to the stage where the server is ready to go, I get the following message when trying to start the Windows Firewall service:

"Windows Firewall cannot run because the Windows Firewall/Internet Connection Sharing (ICS) service is not running."

Any ideas? Isn't it a bit risky having the firewall disabled?

Thanks in advance.
0
Comment
Question by:DReade83
  • 3
  • 2
  • 2
8 Comments
 
LVL 7

Expert Comment

by:puter_geek
ID: 17046769
It is VERY risky, and definitely not recommended if you have it connected directly to the internet.  If you have a router, or hardware firewall of some sort, then it's not so bad at all. You just have to have something there.  

Personally, on my server, I don't have it running, but I also have a Linksys router between it and the world.  I forwarded the ports I needed through the router and that was it.  80, 21, 3389, ect.
0
 

Author Comment

by:DReade83
ID: 17046861
Ah right, that's what I have, a hardware firewall/router with port forwarding setup.

Any idea why Windows disables it?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17050295
Hi DReade83,

Did you happen to run the Security Configuration Wizard?  Because the Windows Firewall should NOT be installed or running on an SBS.  If you have SBS Standard, RRAS will act as your firewall if you have two NICs (you should also have a hardware firewall in front of your server such as puter_geek suggested.

You configure all of this with the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email)

A visual how-to is here:  http://sbsurl.com/ceicw and a full networking overview for SBS is at http://sbsurl.com/msicw

Jeff
TechSoEasy
0
Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

 
LVL 7

Expert Comment

by:puter_geek
ID: 17075356
Because since you only have one network connection, it automatically disables it.  Part way through the install it asks you if it is connected through the internet through a residential gateway, so it knows that it doesn't need it and disables it.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17077532
Has nothing to do with having one Internet connection... you're thinking of RRAS's firewall...  which would be disabled with a single NIC, not because it doesn't need it, but because it won't work with only one interface.  

However, the question is regarding the ICS Firewall... the Windows internal software firewall... which shouldn't be enabled at all on an SBS.

Jeff
TechSoEasy
0
 

Author Comment

by:DReade83
ID: 17077727
Could you explain why please Jeff? I'm just curious why SBS disables it.

Thanks.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17077827
SBS has full versions of Windows Server 2003, Exchange Server, IIS, Active Directory, DNS and DHCP.  As well as ISA Server and SQL Server (if premium).  Becuase these are full versions, they have all the features you'd find in the standard products.  However, because SBS has all of these things operating on the same machine there are a number of things that you wouldn't use even though they haven't been taken out.  The ICS Firewall is one of those.  

It also shouldn't be used on any Server 2003 that is a DC or provides DHCP.

Please review http://support.microsoft.com/kb/324286 for more info and which includes this statement:

• Do not use ICS on a network that:

• Uses static IP addresses
• Has a Windows Server 2003 domain controller
• Uses other DNS servers, gateways, or DHCP servers
 
Jeff
TechSoEasy
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question