Windows Firewall

When I first installed SBS 2003, Windows Firewall was running. For some reason after applying Windows updates and getting up to the stage where the server is ready to go, I get the following message when trying to start the Windows Firewall service:

"Windows Firewall cannot run because the Windows Firewall/Internet Connection Sharing (ICS) service is not running."

Any ideas? Isn't it a bit risky having the firewall disabled?

Thanks in advance.
DReade83Asked:
Who is Participating?
 
Jeffrey Kane - TechSoEasyConnect With a Mentor Principal ConsultantCommented:
SBS has full versions of Windows Server 2003, Exchange Server, IIS, Active Directory, DNS and DHCP.  As well as ISA Server and SQL Server (if premium).  Becuase these are full versions, they have all the features you'd find in the standard products.  However, because SBS has all of these things operating on the same machine there are a number of things that you wouldn't use even though they haven't been taken out.  The ICS Firewall is one of those.  

It also shouldn't be used on any Server 2003 that is a DC or provides DHCP.

Please review http://support.microsoft.com/kb/324286 for more info and which includes this statement:

• Do not use ICS on a network that:

• Uses static IP addresses
• Has a Windows Server 2003 domain controller
• Uses other DNS servers, gateways, or DHCP servers
 
Jeff
TechSoEasy
0
 
Justin CollinsIT Support TechnicianCommented:
It is VERY risky, and definitely not recommended if you have it connected directly to the internet.  If you have a router, or hardware firewall of some sort, then it's not so bad at all. You just have to have something there.  

Personally, on my server, I don't have it running, but I also have a Linksys router between it and the world.  I forwarded the ports I needed through the router and that was it.  80, 21, 3389, ect.
0
 
DReade83Author Commented:
Ah right, that's what I have, a hardware firewall/router with port forwarding setup.

Any idea why Windows disables it?
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Hi DReade83,

Did you happen to run the Security Configuration Wizard?  Because the Windows Firewall should NOT be installed or running on an SBS.  If you have SBS Standard, RRAS will act as your firewall if you have two NICs (you should also have a hardware firewall in front of your server such as puter_geek suggested.

You configure all of this with the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email)

A visual how-to is here:  http://sbsurl.com/ceicw and a full networking overview for SBS is at http://sbsurl.com/msicw

Jeff
TechSoEasy
0
 
Justin CollinsIT Support TechnicianCommented:
Because since you only have one network connection, it automatically disables it.  Part way through the install it asks you if it is connected through the internet through a residential gateway, so it knows that it doesn't need it and disables it.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Has nothing to do with having one Internet connection... you're thinking of RRAS's firewall...  which would be disabled with a single NIC, not because it doesn't need it, but because it won't work with only one interface.  

However, the question is regarding the ICS Firewall... the Windows internal software firewall... which shouldn't be enabled at all on an SBS.

Jeff
TechSoEasy
0
 
DReade83Author Commented:
Could you explain why please Jeff? I'm just curious why SBS disables it.

Thanks.
0
All Courses

From novice to tech pro — start learning today.