Windows firewall vs. router firewall

Can anyone opine as to whether or not you need Windows firewall when you're running a NAT router firewall? Our network runs much faster with the Windows firewall disabled, but obviously we don't want to open ourselves to attack. Thanks.
Cizombs Asked:
Rob Williams Commented:
Interesting. It does sound like some service may be being blocked, or might there be a requirement for UDP for a particular port and you only have TCP enabled?

It can be time consuming but you could install Ethereal/Wireshark on the server PC and client PC and see if you can detect any blocked traffic.
http://www.wireshark.org/

It is more common for anti-virus software to cause problems similar to what you are experiencing than a firewall.
0
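A complement to the packet capture suggested above, as an added example that is not part of the original thread: when Windows Firewall is set to log dropped packets, it writes them to `pfirewall.log`, and the script below counts DROP entries per protocol and destination port so a missing exception stands out. The log lines, addresses and ports are constructed sample data, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in the W3C-style layout Windows Firewall writes to
# pfirewall.log; every address, port and timestamp here is made up.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2011-03-07 09:14:02 ALLOW TCP 192.168.16.21 192.168.16.2 1077 1433 0 - 0 0 0 - - - RECEIVE
2011-03-07 09:14:03 DROP UDP 192.168.16.21 192.168.16.2 1078 1434 38 - - - - - - - RECEIVE
2011-03-07 09:14:05 DROP UDP 192.168.16.22 192.168.16.2 1090 1434 38 - - - - - - - RECEIVE
2011-03-07 09:14:06 DROP UDP 192.168.16.21 192.168.16.2 137 137 78 - - - - - - - RECEIVE
2011-03-07 09:14:09 DROP TCP 192.168.16.23 192.168.16.2 1102 445 48 S 2841096521 0 65535 - - - RECEIVE
2011-03-07 09:14:10 DROP UDP 192.168.16.21 192.168.16.255 138 138 229 - - - - - - - RECEIVE
2011-03-07 09:14
"""

def parse_firewall_log(text):
    """Yield one dict per entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # Older logs omit the trailing 'path' column, so read the header
            # instead of hard-coding column positions.
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            entry = dict(zip(fields, line.split()))
            # Skip truncated lines that lack the columns we rely on.
            if {"action", "protocol", "dst-ip", "dst-port"} <= entry.keys():
                yield entry

def summarize_drops(text, server_ip=None):
    """Count DROP entries per (protocol, dst-port), optionally for one host."""
    drops = Counter()
    for entry in parse_firewall_log(text):
        if entry["action"] != "DROP":
            continue
        if server_ip and entry["dst-ip"] != server_ip:
            continue
        drops[(entry["protocol"], entry["dst-port"])] += 1
    return drops.most_common()

if __name__ == "__main__":
    for (proto, port), count in summarize_drops(SAMPLE_LOG, "192.168.16.2"):
        print(f"{count:3d} dropped  {proto}/{port}")
```

Comparing the ports that show up here against the exception list shows whether a protocol (TCP versus UDP) or a port was left out.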
 
Rob Williams Commented:
There shouldn't be a performance difference. Can you elaborate?

The Windows firewall, when you are behind a NAT router, protects the PC/server from internal viruses spreading, such as Blaster.
0
 
Cizombs Author Commented:
It's the same Lytec Medical Software program that we've been having issues with over the past weekend.  We frequently (not always) get SQL timeout errors when the firewall is up.  We've opened all the ports per manufacturer recommendations and the SQL database is talking to all the client computers, but extremely slowly with certain applications.  Everything runs perfectly with the firewall down.

We are now running the Lytec program on a physical client XP machine on the SBS network, where before we were running Lytec on a virtual XP machine without all these speed issues.
0
 
Cizombs Author Commented:
It runs great when we disable the firewall, so definitely something along those lines.  We do have TCP and UDP ports open per manufacturer recommendations.  I'll take a look at Wireshark.
0
 
Rob Williams Commented:
Make sure exceptions are also enabled for file and print sharing, and just in case add TCP port 53 for DNS. This will assure all Windows file sharing and name resolution is working properly. Perhaps it is not a Lytec service that is causing the problem.
0
 
vanbarsoun Commented:
I would just disable the Windows firewall and rely on your external NAT firewall. Windows firewall hasn't caused any noticeable slowdowns for me, but it's an unnecessary level of protection, and only worth it if that's your only firewall, but that's just my opinion.
0
 
Cliff Galiher Commented:
I'm with RobWill on this. The Windows firewall should not be causing performance issues, and it does have a purpose beyond what an edge firewall provides. They serve to protect against different types of attacks.
Also, I feel compelled to point out that not all edge firewalls are NAT devices (and with IPv6 on the horizon, understanding that distinction is actually important), and not all NAT devices are good edge firewalls.
A business should have a good edge firewall (and if it does NAT, that's cool too) as well as a software firewall on each machine (server and client) with rules tailored for the tasks that PC performs.
-Cliff
 
0
 
Rob Williams Commented:
Thanks Cizombs.
Cheers!
--Rob
0