  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 723

Windows firewall vs. router firewall

Can anyone opine as to whether or not you need Windows Firewall when you're running a NAT router firewall? Our network runs much faster with the Windows Firewall disabled, but obviously we don't want to open ourselves to attack. Thanks.
0
Asked by: Cizombs
1 Solution
 
Rob Williams Commented:
There shouldn't be a performance difference. Can you elaborate?

When you are behind a NAT router, the Windows firewall protects the PC/server from viruses, such as Blaster, spreading internally.
0
 
Cizombs (Author) Commented:
It's the same Lytec Medical Software program that we've been having issues with over the past weekend. We frequently (not always) get SQL timeout errors when the firewall is up. We've opened all the ports per the manufacturer's recommendations and the SQL database is talking to all the client computers, but extremely slowly with certain applications. Everything runs perfectly with the firewall down.

We are now running the Lytec program on a physical client XP machine on the SBS network, where we were running Lytec on a virtual XP machine before without all these speed issues.
0
 
Rob Williams Commented:
Interesting. It does sound like some service may be being blocked, or might there be a requirement for UDP for a particular port and you only have TCP enabled?

It can be time consuming but you could install Ethereal/Wireshark on the server PC and client PC and see if you can detect any blocked traffic.
http://www.wireshark.org/

It is more common for anti-virus software to cause problems similar to what you are experiencing than a firewall.
0
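Added example, not part of the original thread: if Windows Firewall's "log dropped packets" option is enabled on the server, its log (pfirewall.log) can be checked for the case Rob raises above, a port that is open for TCP but still dropped for UDP (or the reverse). The log lines, addresses, port 5000 and the `ALLOWED` list are constructed for illustration and are not Lytec's documented ports.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log layout (pfirewall.log).
# Addresses and port 5000 are made up; they are not Lytec's documented ports.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2010-03-01 09:14:01 OPEN TCP 10.0.0.2 10.0.0.50 3012 80 - - - - - - - - -
2010-03-01 09:14:03 DROP UDP 10.0.0.21 10.0.0.2 1046 5000 48 - - - - - - - RECEIVE
2010-03-01 09:14:05 DROP UDP 10.0.0.21 10.0.0.2 1046 5000 48 - - - - - - - RECEIVE
2010-03-01 09:14:08 DROP UDP 10.0.0.22 10.0.0.2 1102 5000 48 - - - - - - - RECEIVE
2010-03-01 09:14:09 DROP ICMP 10.0.0.21 10.0.0.2 - - 60 - - - - 8 0 - RECEIVE
2010-03-01 09:14:11 DROP UDP 10.0.0.21 10.0.0.2 137 137 78 - - - - - - - RECEIVE
"""

# Assumed exception list: what has already been opened on the server.
ALLOWED = {("TCP", 5000), ("TCP", 445)}


def parse_drops(log_text):
    """Yield (protocol, src_ip, dst_port) for each DROP record with a port."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names come from the header
        elif line.strip() and not line.startswith("#"):
            rec = dict(zip(fields, line.split()))
            if rec.get("action") == "DROP" and rec.get("dst-port", "").isdigit():
                yield rec["protocol"], rec["src-ip"], int(rec["dst-port"])


def summarize(log_text, allowed):
    """Return [(protocol, port, drops, clients, hint)], most-dropped first."""
    drops = list(parse_drops(log_text))
    counts = Counter((proto, port) for proto, _, port in drops)
    report = []
    for (proto, port), n in counts.most_common():
        clients = sorted({ip for p, ip, dp in drops if (p, dp) == (proto, port)})
        other = "UDP" if proto == "TCP" else "TCP"
        hint = ""
        if (other, port) in allowed and (proto, port) not in allowed:
            hint = f"{other}/{port} is allowed but {proto}/{port} is not"
        report.append((proto, port, n, clients, hint))
    return report


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, ALLOWED):
        print(row)
```

Drops on UDP 137, as in the last sample line, are NetBIOS name service traffic, which the file and print sharing exception covers.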

 
Cizombs (Author) Commented:
It runs great when we disable the firewall, so definitely something along those lines. We do have TCP and UDP ports open per the manufacturer's recommendations. I'll take a look at Wireshark.
0
 
Rob Williams Commented:
Make sure exceptions are also enabled for file and print sharing and, just in case, add TCP port 53 for DNS. This will assure all Windows file sharing and name resolution is working properly. Perhaps it is not a Lytec service that is causing the problem.
0
 
vanbarsoun Commented:
I would just disable the Windows firewall and rely on your external NAT firewall. Windows firewall hasn't caused any noticeable slowdowns for me but it's an unnecessary level of protection, and only worth it if that's your only firewall, but that's just my opinion.
0
 
Cliff Galiher Commented:
I'm with RobWill on this. The Windows firewall should not be causing performance issues, and it does have a purpose beyond what an edge firewall provides. They serve to protect against different types of attacks.
Also, I feel compelled to point out that not all edge firewalls are NAT devices (and with IPv6 on the horizon, understanding that distinction is actually important), and not all NAT devices are good edge firewalls.
A business should have a good edge firewall (and if it does NAT, that's cool too) as well as a software firewall on each machine (server and client) with rules tailored for the tasks that PC performs.
-Cliff
 
0
 
Rob Williams Commented:
Thanks Cizombs.
Cheers!
--Rob
0
