Solved

Windows firewall vs. router firewall

Posted on 2010-09-21
8
667 Views
Last Modified: 2012-05-10
Can anyone opine as to whether or not you need Windows firewall when you're running a NAT router firewall? Our network runs much faster with the Windows firewall disabled, but obviously we don't want to open ourselves to attack. Thanks.
0
Comment
Question by:Cizombs
8 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 33729648
There shouldn't be a performance difference. Can you elaborate?

The Windows firewall, when you are behind a NAT router, protects the PC/Server from internal viruses spreading, such as Blaster.
0
 

Author Comment

by:Cizombs
ID: 33729697
It's the same Lytec Medical Software program that we've been having issues with over the past weekend. We frequently (not always) get SQL timeout errors when the firewall is up. We've opened all the ports per manufacturer recommendations and the SQL database is talking to all the client computers, but extremely slowly with certain applications. Everything runs perfectly with the firewall down.

We are now running the Lytec program on a physical client XP machine on the SBS network, where we were running Lytec on a virtual XP machine before without all these speed issues.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 33729925
Interesting. It does sound like some service may be being blocked, or might there be a requirement for UDP for a particular port and you only have TCP enabled?

It can be time consuming but you could install Ethereal/Wireshark on the server PC and client PC and see if you can detect any blocked traffic.
http://www.wireshark.org/

It is more common for anti-virus software to cause problems similar to what you are experiencing than a firewall.
0
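Alongside a packet capture, Windows Firewall can log dropped packets to `pfirewall.log`, which shows directly what the host firewall refused. The following is an added example, not part of the original thread: it counts drops addressed to the server and flags ports that are open for one protocol only. The log lines, addresses and exception list are constructed for illustration, and the field layout is read from the log's own `#Fields` header.

```python
from collections import Counter

# Constructed sample in the pfirewall.log layout; addresses and ports are made up.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2010-09-21 09:14:02 ALLOW TCP 192.168.1.50 192.168.1.10 1045 1433 0 - 0 0 0 - - - RECEIVE
2010-09-21 09:14:03 DROP UDP 192.168.1.50 192.168.1.10 1046 1434 48 - - - - - - - RECEIVE
2010-09-21 09:14:08 DROP UDP 192.168.1.51 192.168.1.10 1052 1434 48 - - - - - - - RECEIVE
2010-09-21 09:14:09 DROP TCP 192.168.1.51 192.168.1.10 1060 5000 48 S 100 0 65535 - - - RECEIVE
2010-09-21 09:14:10 DROP UDP 192.168.1.50 192.168.1.255 137 137 78 - - - - - - - RECEIVE
"""

def parse_log(text):
    """Yield one dict per entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def dropped_to_server(text, server_ip):
    """Count DROP entries addressed to server_ip, per (protocol, dst-port)."""
    drops = Counter()
    for e in parse_log(text):
        port = e.get("dst-port", "")
        # ICMP entries carry "-" instead of a port number, so skip them.
        if e.get("action") == "DROP" and e.get("dst-ip") == server_ip and port.isdigit():
            drops[(e["protocol"], int(port))] += 1
    return drops

def protocol_mismatches(drops, exceptions):
    """Dropped ports that are open, but only for the other protocol."""
    open_ports = {port for _, port in exceptions}
    return sorted(k for k in drops if k not in exceptions and k[1] in open_ports)

if __name__ == "__main__":
    # Assumed exception list for the example, not the vendor's real port list.
    exceptions = {("TCP", 1433), ("TCP", 1434)}
    drops = dropped_to_server(SAMPLE_LOG, "192.168.1.10")
    for (proto, port), n in drops.most_common():
        print(f"{n:3d} dropped  {proto}/{port}")
    print("open for the other protocol only:", protocol_mismatches(drops, exceptions))
```
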
 

Author Comment

by:Cizombs
ID: 33729938
It runs great when we disable the firewall, so definitely something along those lines. We do have TCP and UDP ports open per manufacturer recommendations. I'll take a look at Wireshark.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 33730039
Make sure exceptions are also enabled for file and print sharing, and just in case, add TCP port 53 for DNS. This will assure all Windows file sharing and name resolution is working properly. Perhaps it is not a Lytec service that is causing the problem.
0
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33730572
I would just disable the Windows firewall and rely on your external NAT firewall. Windows firewall hasn't caused any noticeable slowdowns for me but it's an unnecessary level of protection, and only worth it if that's your only firewall, but that's just my opinion.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 33730628
I'm with RobWill on this. The Windows firewall should not be causing performance issues, and it does have a purpose beyond what an edge firewall provides. They serve to protect against different types of attacks.
Also, I feel compelled to point out that not all edge firewalls are NAT devices (and with IPv6 on the horizon, understanding that distinction is actually important), and not all NAT devices are good edge firewalls.
A business should have a good edge firewall (and if it does NAT, that's cool too) as well as a software firewall on each machine (server and client) with rules tailored for the tasks that PC performs.
-Cliff
 
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 33738801
Thanks Cizombs.
Cheers!
--Rob
0
