Solved

Do I need Windows Firewall ?

Posted on 2008-10-24
3
295 Views
Last Modified: 2008-10-27
I have a network of about 300 computers running symantec enterprise all within a Cisco ASA 5510.  I cannot ping computers, remote connect or anything. I figured it is windows firewall as it is on, on most computers - take it off, I can ping and remote.  Do I really need it or can I just turn it off on all computers in my network?
0
Comment
Question by:dennisjameshoward
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 8

Expert Comment

by:DenverRick
ID: 22799020
In your client settings for your Symantec Enterprise if you are using the Firewall, then the Windows Firewall should be turned off.  
0
 
LVL 12

Expert Comment

by:techExtreme
ID: 22799128
There's really no need of multiple firewalls. Moreover, you should only allow applications you consider safe to access your network, you can set it in preferences of the software/firewall you use.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 22799944
Well, until yesterdays out of cycle very critical patch, I would of agreed...
http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
But nonetheless most of the time, PC's behind a internet firewall already, do not need a firewall, and it can make administration a little tougher if they are set to deny all. If you allow ports 135-139 and 445, your still vulnerable to that particular issue. Important computers, such as mail servers, backup servers etc... should be as protected as possible, be it with a DMZ, restrictive access lists, and or Vlan seperation.
Your lan is typically a safe place, but it can also become an instant breeding ground of virii if you do not follow best practices (even then, your still affected by 08-067)
http://xinn.org/win_bestpractices.html
And that's only if a virus get's in, be it a visitor, a hacker, or a user clicking something they shouldn't of. We actually don't have AV on our PC's anymore, they get scanned remotely, thanks to best practices(not running as admins), ClamAV+SafeSquid and Snort.
-rich
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question