We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Windows Server Firewalls (2008 and SBS 2008) - Definitive stance on disabling firewalls

itgroove
itgroove asked
on
Medium Priority
1,006 Views
Last Modified: 2012-05-07
Hi Folks,

I'm looking for some definitive facts/stance on the Windows Server 2008 firewall/SBS 2008 firewalls. Or some recommendations from an authority.

When we have had a situation where we had to turn the Windows firewall off (I realize we can set exclusions but they don't always work), we have taken a few different approaches:

1. Turn it off in the GUI (http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx) - we've done this and on occasion (several), it will indicate it is off in the GUI but will still block ports (intermittantly)

2. Set the firewall service to manual - we've tried this but same as #1, it will actually start to block certain traffic on occasion after a period of time

3. This is the tact we've come to taking - we DISABLE the firewall service.  I have no doubt that this is officially unsupported by Microsoft for the security impact (these are small business networks however, not NASA or Fort Knox).  This seems to work definitively at keeping these ports open ... however, I've run into two occasions where Exchange 2007 stops allowing connections after a period of time (and in fact, Exchange 2007 won't allow you to install unless the firewall service is running).

*sigh* - what is a girl/boy to do?  What key step/information are we missing here to ensure our connections work ALL OF THE TIME?  

Of course it is a good idea to have the firewall on - but if starts closing ports that are excluded, the disruption to a customer is not a good thing, particularly if the ports being closed are RDP such that we can't support them remotely either to fix the situation.

Comments welcome but I'm really looking for someone to point out or say something new here - something we are missing...  Thanks!
Comment
Watch Question

Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Didn't get much commentary but I do appreciate barnescr attempt.  I believe, at least for 2 most recent occurrences, that the support article I have posted is relevant and will recur.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.