Solved

Windows firewall vs. router firewall

Posted on 2010-09-21
8
713 Views
Last Modified: 2012-05-10
Can anyone opine as to whether or not you need windows firewall when you’re running a NAT router firewall.  Our network runs much faster with the windows firewall disabled but obviously we don’t want to open ourselves to attack?  Thanks.
0
Comment
Question by:Cizombs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 33729648
There shouldn't be a performance difference. Can you elaborate.

The windows firewall when you are behind a NAT router protects the PC/Server from internal viruses spreading such as Blaster.
0
 

Author Comment

by:Cizombs
ID: 33729697
It's the same Lytec Medical Software program that we've been having issues with over the past weekend.  We frequently (not always) get SQL timeout errors when the firewall is up.  We've open all the ports per manufacture recommendations and the SQL database is talking to all the client computers but extremely slow with certain applications.  Everything runs perfectly with the firewall down.

We're are now running the lytec program on a physical cleint XP machine on the SBS network where we were running Lytec on a virtual XP machine before without all these speed issues.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 33729925
Interesting. It does sound like some service may be being blocked, or might there be a requirement for UDP for a particular port and you only have TCP enabled?

It can be time consuming but you could install Ethereal/Wireshark on the server PC and client PC and see if you can detect any blocked traffic.
http://www.wireshark.org/

It is more common for anti-virus software to cause problems similar to what you are experiencing than a firewall.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 

Author Comment

by:Cizombs
ID: 33729938
It runs great when we diable firewall so definitely something along those lines.  We do have TCP and UDP ports open per manufacture recommendations.  I'll take a look at wireshark.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 33730039
Make sure exceptions are also enabled for file and print sharing and just in case add TCP port 53 for DNS. This will assure all windows file sharing and name resolution is working properly. Perhaps it is not a Lytec service that is causing the problem.
0
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33730572
I would just disable the Windows firewall and rely on your external NAT firewall. Windows firewall hasn't caused any noticeable slowdowns for me but it's an unnecessary level of protection, and only worth it if that's your only firewall, but that's just my opinion.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 33730628
I'm with RobWill on this. The windows firewall should not be causing performance issues, and it does have a purpose beyond what an edge firewall provides. They serve protecting against different types of attacks.
Also, I feel compelled to point out that not all edge firewalls are NAT devices (and with IPv6 on the horizon, understanding that distinction is actually important), and not all NAT devices are good edge firewalls.
A business should have a good edge firewall (and if it does NAT, that's cool too) as well as a software firewall on each machine (server and client) with rules tailored for the tasks that PC performs.
-Cliff
 
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 33738801
Thanks Cizombs.
Cheers!
--Rob
0

Featured Post

Are You Ransomware's Next Victim?

Worried about ransomware attacks hitting your organization?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with WatchGuard Total Security!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cannot boot from BackupAssist recovery disc 8 74
ACL not working 11 63
Backing up an SBS 2011 system setup under Hyper-V 2 76
Routing Issue 26 64
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question