Solved

Ok to turn off firewall on DC or no?

Posted on 2013-11-04
4
430 Views
Last Modified: 2013-11-21
I have Windows 2012 and 2008 DC's. Have two domains A and B on my network and they have been configured for two way interdomain trust. Had problems getting to shared drives in domain B from users logged into domain A today. This problem was resolved when I disabled firewall on domain controller for A. Is it okay to leave the firewall for domain controllers turned off? They are behind a SonicWall firewall.
0
Comment
Question by:bobox00
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 95

Accepted Solution

by:
John Hurst earned 250 total points
ID: 39623154
If your SonicWall firewall is configured to reject unwanted attacks and intrusions (DDOS attacks, reject SMTP Port 25 general use, etc.) then you are probably OK.

Better:  Configure the Windows Firewall to allow the shared drives to work. You know it is a firewall issue, so allow the IP ranges of the servers on all normal ports and that should work. Try this and leave the firewalls on if you can.

... Thinkpads_User
0
 
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 39623192
Whether it is "ok" is purely a measure of your company's risk tolerance. Some companies are okay with it. Some wouldn't be.

For me personally, I think host-based firewalls serve a purpose, even behind a edge firewall. We live in a world where blended exploits exist. Someone mixes a flash vulnerability to get past your SonicWall and then an RPC vulnerability to infect every machine on your network....it happens. Where a host-based firewall would block unwanted RPC traffic before it ever reached the vulnerable dll.

So you have to make your own evaluation there. But if you are asking whether windows firewall (or any host based firewall) adds protection or is purely redundant, the answer is they do add protection. Defense in-depth.
0
 

Author Closing Comment

by:bobox00
ID: 39666162
Thanks
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 39666170
@bobox00 - Thanks and I was happy to help.

.... Thinkpads_User
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question