Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 732
  • Last Modified:

Windows firewall vs. router firewall

Can anyone opine as to whether or not you need windows firewall when you’re running a NAT router firewall.  Our network runs much faster with the windows firewall disabled but obviously we don’t want to open ourselves to attack?  Thanks.
1 Solution
Rob WilliamsCommented:
There shouldn't be a performance difference. Can you elaborate.

The windows firewall when you are behind a NAT router protects the PC/Server from internal viruses spreading such as Blaster.
CizombsAuthor Commented:
It's the same Lytec Medical Software program that we've been having issues with over the past weekend.  We frequently (not always) get SQL timeout errors when the firewall is up.  We've open all the ports per manufacture recommendations and the SQL database is talking to all the client computers but extremely slow with certain applications.  Everything runs perfectly with the firewall down.

We're are now running the lytec program on a physical cleint XP machine on the SBS network where we were running Lytec on a virtual XP machine before without all these speed issues.
Rob WilliamsCommented:
Interesting. It does sound like some service may be being blocked, or might there be a requirement for UDP for a particular port and you only have TCP enabled?

It can be time consuming but you could install Ethereal/Wireshark on the server PC and client PC and see if you can detect any blocked traffic.

It is more common for anti-virus software to cause problems similar to what you are experiencing than a firewall.
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

CizombsAuthor Commented:
It runs great when we diable firewall so definitely something along those lines.  We do have TCP and UDP ports open per manufacture recommendations.  I'll take a look at wireshark.
Rob WilliamsCommented:
Make sure exceptions are also enabled for file and print sharing and just in case add TCP port 53 for DNS. This will assure all windows file sharing and name resolution is working properly. Perhaps it is not a Lytec service that is causing the problem.
I would just disable the Windows firewall and rely on your external NAT firewall. Windows firewall hasn't caused any noticeable slowdowns for me but it's an unnecessary level of protection, and only worth it if that's your only firewall, but that's just my opinion.
Cliff GaliherCommented:
I'm with RobWill on this. The windows firewall should not be causing performance issues, and it does have a purpose beyond what an edge firewall provides. They serve protecting against different types of attacks.
Also, I feel compelled to point out that not all edge firewalls are NAT devices (and with IPv6 on the horizon, understanding that distinction is actually important), and not all NAT devices are good edge firewalls.
A business should have a good edge firewall (and if it does NAT, that's cool too) as well as a software firewall on each machine (server and client) with rules tailored for the tasks that PC performs.
Rob WilliamsCommented:
Thanks Cizombs.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now