[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 360
  • Last Modified:

Windows firewall sp2

Morning,

I seem to be having a small problem with windows firewall on a server 2003 enteprise edition.
I've installed SP2 and all relevent updates. the server is setup as one domain controller with dns.
All is working AOK on that side - the problem started when i tried to join a computer's to the domain, i was getting access denied errors etc, (these were fresh installs) I found that disabling the firewall sorted this problem.
Now that i have 5 users connected to the domain they all have problems logging on to it.  It just hangs there for ages and ages.  If i disable windows firewall they connect immediately.
Do i need to open any ports for Active D and DNS - never had to do this before from memory - strange.


Thanks for any help.


0
John
Asked:
John
  • 4
  • 2
2 Solutions
 
Burns2007Commented:
Personally I would disable windows firewall on the server.

Windows firewall is not a valid solution fo ryour internal connection.

Do you have this server directly connected to the internet and using ICS? If so, you can enable the firewall on that connection but not the internal one.

If you a router etc instead connected to the network, I wouldn't have the windows firewall turned on at all on your server.
0
 
JohnAuthor Commented:
Hi Burns2007

The server and clients use are using a Netgear DG834 ADSL router with built in NAT etc for internet access.  I'm not using ICS so i don't know what you mean about using the firewall on that connection. do you think not having the firewall on will be sufficient. I'd prefer to have it on but don't understand why this is giving me problems.


Thanx.
0
 
Zenith63Commented:
Your NAT router will be acting as a firewall to the outside world, effectively sealing you off from it, so having a firewall on the server is probably going to cause you more hassle (for reasons like the problem you've described) then the small amount of extra security you gain.  The Windows firewall is only really giving you two extra bits of security - it will prevent access to the server from clients already on your network (not important in most small businesses IMHO) and will prevent the spread of network viruses to the server if one happens to get onto a LAN PC (again not that important considering how rare viruses are these days and how good most AntiVirus programs are if they're up-to-date).
So I agree with Burns2007, dump the firewall, you don't need it and it will cause more problems then it solves.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
JohnAuthor Commented:
OK, see what your saying.  Have you guys run servers before without any firewall protection.

0
 
JohnAuthor Commented:
I still don't like teh idea of running this Server without a personal firewall turned on,  especially as it's running as a file server and DNS server.  My NAT firewall router will only provide a perimator wall for traffic on the Net - if a laptop user for instance is infected with a virus, this could easily spead across the LAN, and effect any weak system that's vunerable. i.e MSblaster worm etc or any new born.

There are tonnes of ports, so opening a few for Server 2003 to function correctly shouldn't be a problem.  Do you guys know the right ports for this.

Cheers
0
 
Zenith63Commented:
Sorry, I don't know the ports in question.  To answer your other question; I have never put a firewall on a server, ever.  I also can't remember the last time I came across a server with a firewall on it.  It's just not the way it tends to be done for the very reason you've come across.

Decent AntiVirus (including server email scanning) updated at least daily and regular Windows updates is enough in a vast majority of cases.
0
 
JohnAuthor Commented:
Ok i will close this question and take your advice. I'm looking into getting a better hardware firewall anyway which should protect the server.

I will share the points out - think that's fair enough.

cheers

W.J
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now