  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 445

Ok to turn off firewall on DC or no?

I have Windows 2012 and 2008 DCs. I have two domains, A and B, on my network, and they have been configured for a two-way interdomain trust. I had problems getting to shared drives in domain B from users logged into domain A today. This problem was resolved when I disabled the firewall on the domain controller for A. Is it okay to leave the firewall for domain controllers turned off? They are behind a SonicWall firewall.
Asked by: bobox00

2 Solutions

John Hurst, Business Consultant (Owner), Commented:
If your SonicWall firewall is configured to reject unwanted attacks and intrusions (DDoS attacks, reject SMTP Port 25 general use, etc.) then you are probably OK.

Better: Configure the Windows Firewall to allow the shared drives to work. You know it is a firewall issue, so allow the IP ranges of the servers on all normal ports and that should work. Try this and leave the firewalls on if you can.

... Thinkpads_User
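
One way to apply the advice above while keeping the host firewall on, as an added example that is not part of the original answer: inbound allow rules on domain A's DC scoped to domain B's address range. The subnet `192.0.2.0/24` and the group name `Trust-DomainB` are constructed placeholders, and the port list is narrowed to the ports Microsoft documents for domain and trust traffic, which goes beyond the "all normal ports" suggestion.

```powershell
# Added example (not from the thread). Requires the NetSecurity module
# (Windows Server 2012 or later); on Server 2008 the equivalent is
# "netsh advfirewall firewall add rule ... remoteip=<range>".

# ASSUMPTION: constructed placeholder for domain B's server subnet.
$TrustedRange = '192.0.2.0/24'
# ASSUMPTION: hypothetical group name, used only to find these rules again.
$RuleGroup    = 'Trust-DomainB'

# DNS, Kerberos, RPC endpoint mapper, LDAP/LDAPS, SMB, kpasswd,
# global catalog, and the default dynamic RPC range (49152-65535).
$TcpPorts = '53','88','135','389','445','464','636','3268','3269','49152-65535'
# DNS, Kerberos, NTP, LDAP, kpasswd.
$UdpPorts = '53','88','123','389','464'

# Turn the firewall back on for every profile before adding exceptions.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# Remove rules left by a previous run so the script is repeatable.
Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Settings shared by both rules: inbound allow, limited to the trusted range.
$common = @{
    Group         = $RuleGroup
    Direction     = 'Inbound'
    Action        = 'Allow'
    RemoteAddress = $TrustedRange
    Profile       = 'Any'
}
New-NetFirewallRule @common -DisplayName 'Domain B trust (TCP)' `
    -Protocol TCP -LocalPort $TcpPorts | Out-Null
New-NetFirewallRule @common -DisplayName 'Domain B trust (UDP)' `
    -Protocol UDP -LocalPort $UdpPorts | Out-Null

# Verify: every profile reports Enabled = True, and the new rules carry
# the expected ports and remote address scope.
Get-NetFirewallProfile | Select-Object Name, Enabled
Get-NetFirewallRule -Group $RuleGroup | Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort
Get-NetFirewallRule -Group $RuleGroup | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

Because `RemoteAddress` restricts each rule to the trusted range, RPC and SMB traffic from any other host on the network is still dropped by the DC's own firewall.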
 
Cliff Galiher Commented:
Whether it is "ok" is purely a measure of your company's risk tolerance. Some companies are okay with it. Some wouldn't be.

For me personally, I think host-based firewalls serve a purpose, even behind an edge firewall. We live in a world where blended exploits exist. Someone mixes a Flash vulnerability to get past your SonicWall and then an RPC vulnerability to infect every machine on your network... it happens. Where a host-based firewall would block unwanted RPC traffic before it ever reached the vulnerable DLL.

So you have to make your own evaluation there. But if you are asking whether Windows Firewall (or any host-based firewall) adds protection or is purely redundant, the answer is they do add protection. Defense in depth.
 
bobox00 (Author) Commented:
Thanks
 
John Hurst, Business Consultant (Owner), Commented:
@bobox00 - Thanks and I was happy to help.

.... Thinkpads_User