Solved

Trend Micro and Firewalls

Posted on 2007-11-20
15
3,615 Views
Last Modified: 2013-11-22
Hi. I am in the process of installing Trend Micro Client Server Messaging Security for SMB on my SBS 2003 Standard Edition R2. It's a little more complicated than I thought, so I am reading the 332 page manual carefully. I am a bit confused when it comes to the firewall part.

As you know, the CSMS for SMB comes with its own firewall, Personal Firewall. The manual recommends disabling the firewalls which come with Windows or disabling Personal Firewall and opening the correct ports and exceptions in Windows' firewalls. From what I can gather, the Personal Firewall seems more robust. Of course, I know these are all software firewalls. I have a hardware firewall in place.

My question is the manual made reference to the SBS Internet Connection Firewall, which is enabled. But, when I looked in group policy, it showed that firewall as well as the SBS Windows Firewall (Server). There is also the Windows Firewall which is located on each client machine. So, do I disale all of them. Or just the Internet Connection Firewall?

Thanks

Bert
0
Comment
Question by:Bert2005
  • 7
  • 5
  • 3
15 Comments
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
Comment Utility
Bert,

I always disable the TrendMicro Firewall.  Since SBS has a nicely configured group policy that manages the Windows Firewall on workstations, I find that it's just much easier to manage and does the job.

There are TWO Group Policies listed on the server's GPMC: The SBS Internet Connection Firewall and the SBS Windows Firewall.  Both of these are actually to manage the Windows XP Firewall.  Notice in the WMI filter column one says PreSP2 and the other PostSP2.

The SBS Internet Connection Firewall, even though it's enabled doesn't actually apply to anything anymore.  It's the SBS Windows Firewall policy that's now managing the XP SP2 firewalls.

I'd say don't disable either of those... disable the TrendMicro Personal Firewall Service instead.


Jeff
TechSoEasy
0
 
LVL 8

Expert Comment

by:static-void
Comment Utility
The firewall in TMCSM is built into the officescan agent so you should disable your local firewalls on all protected pcs if your going to use the TM one. However i personally would just stick to the windows firewall, it works fine and is easier to centrally manage
0
 
LVL 8

Expert Comment

by:static-void
Comment Utility
lol yeah ditto that
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Well, it's good to have 100% agreement!

I can open a new question if you like, but this seems fairly related and only my last comment.

Would either of you recommend going with the Client Server Messaging Security version over the non-messaging version given the Exchange feature and the Vulnerability Assessment (whatever that does).

Also, are some antivirus programs not compatible with SBS 2003 or, more importantly, is Trend Micro made for SBS 2003? I looked at CA, but it was a little pricey.

Thanks guys.
0
 
LVL 8

Expert Comment

by:static-void
Comment Utility
exchange feature is realllly useful i found. I use TMCSM on my network and its good to have an email level virus scan. It stops virusus before they even get presented to PCs. if at all possible you should have something in place to stop them at the server level. Im not sure about the SMB thing, talk to your trend rep. I use it on actual exchange but i imagine given its a smb product it will work on SMB
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Thanks static. Appreciate the help. And, it's good to know that you use it and like it.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Bert,

I ONLY use TrendMicro CSM for all of my SBS installations.  It is definitely the most popular amongst the SBS MVP Community as well.  You definitely want CSM, not just the Client/Server version because you do need to have a proper Exchange AV program.

TrendMicro not only works well, it works without needing to ever see it once you've installed the program.  Plus, it is relatively cheap because they don't charge for the server license, just per "seat" (meaning, per workstation).

Jeff
TechSoEasy
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Thanks Jeff. I will definitely go the CSM route.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
So Jeff or static,

I am installing TrendMicro on the server. I will disable the TM's firewall and leave the Windows Firewall running on the clinets. What about the Windows Firewall on the server. I have standard edition and am not using ISA. If Windows Firewall is turned on on the server, then RRAS would need to be disabled correct?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
I believe Trend Micro's Firewall is disabled by default... if you accept all the defaults when installing it.

You cannot turn on the Windows Firewall on an SBS.  RRAS is your firewall if you have TWO NICs, and if you only have a single NIC, there is NO firewall that is ON the server... instead you would use a hardware device for that.

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Thanks.
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
So with two NICs, you would use RRAS? But, what about ISA?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Assuming you have two NICs, when you run the CEICW it detects whether or not you have ISA Server installed and if not, it configures RRAS as the firewall.

Jeff
TechSoEasy
0
 
LVL 1

Author Comment

by:Bert2005
Comment Utility
Thanks. I must have missed that comment. I still don't know why anyone would use two NICs without ISA, but I guess some do.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
If you don't have a strong firewall, then using two NICs can increase your security.  But the next version of SBS (SBS 2008) will only support a single NIC configuration and will not be coming with ISA Server as an option.  Overall, its generally better to have a good firewall device, such as a SonicWall TZ-series.

Jeff
TechSoEasy
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This video discusses moving either the default database or any database to a new volume.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now