Solved

Ok to turn off firewall on DC or no?

Posted on 2013-11-04
Last Modified: 2013-11-21
I have Windows 2012 and 2008 DCs. Have two domains A and B on my network and they have been configured for two way interdomain trust. Had problems getting to shared drives in domain B from users logged into domain A today. This problem was resolved when I disabled firewall on domain controller for A. Is it okay to leave the firewall for domain controllers turned off? They are behind a SonicWall firewall.
0
Question by:bobox00
4 Comments
 
LVL 94

Accepted Solution

by:
John Hurst earned 250 total points
ID: 39623154
If your SonicWall firewall is configured to reject unwanted attacks and intrusions (DDoS attacks, reject SMTP Port 25 general use, etc.) then you are probably OK.

Better: Configure the Windows Firewall to allow the shared drives to work. You know it is a firewall issue, so allow the IP ranges of the servers on all normal ports and that should work. Try this and leave the firewalls on if you can.

... Thinkpads_User
0
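One way to follow the advice above on the Windows Server 2012 DCs while leaving the firewall on, as an added example that is not part of the original thread: check the profile and built-in rules, log what is being dropped, then allow only the other domain's servers. The peer addresses, rule name and TCP port list are assumptions to replace with your own values; the NetSecurity cmdlets used here are not available on the 2008 DCs.

```powershell
# Added example, run elevated. $PeerDCs and $RuleName are placeholders, not from the thread.
$PeerDCs  = @('192.0.2.10', '192.0.2.11')   # constructed: domain B DCs / file servers
$RuleName = 'Trust - domain B to DC (example)'
$LogFile  = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

# 1. A DC NIC that has fallen back to the Public or Private profile gets a stricter rule set.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. Confirm the built-in AD DS inbound rules are still enabled.
Get-NetFirewallRule -DisplayGroup 'Active Directory Domain Services' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Enabled, Profile

# 3. Log dropped packets so the blocked ports are read from the log, not guessed.
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True `
    -LogFileName $LogFile -LogMaxSizeKilobytes 16384

# 4. After reproducing the share failure, summarise drops that came from domain B hosts.
#    Log fields: date time action protocol src-ip dst-ip src-port dst-port ...
function Get-DroppedFromPeers {
    param([string[]]$Lines, [string[]]$Peers)
    $Lines | Where-Object { $_ -and $_ -notmatch '^#' } | ForEach-Object {
        $f = $_ -split '\s+'
        if ($f[2] -eq 'DROP' -and $Peers -contains $f[4]) {
            [pscustomobject]@{ Protocol = $f[3]; Source = $f[4]; DstPort = $f[7] }
        }
    } | Group-Object Protocol, DstPort | Sort-Object Count -Descending |
        Select-Object Count, Name
}
Get-DroppedFromPeers -Lines (Get-Content $LogFile) -Peers $PeerDCs

# 5. Allow only those hosts, on the TCP ports step 4 reported. The list below is an
#    assumed starting point (Kerberos, RPC endpoint mapper, LDAP, SMB, LDAPS, GC,
#    dynamic RPC); UDP ports such as 53, 88 and 389 would need a second rule.
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
    -Profile Domain -Protocol TCP -RemoteAddress $PeerDCs `
    -LocalPort '88', '135', '389', '445', '636', '3268', '49152-65535'
```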
 
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 39623192
Whether it is "ok" is purely a measure of your company's risk tolerance. Some companies are okay with it. Some wouldn't be.

For me personally, I think host-based firewalls serve a purpose, even behind an edge firewall. We live in a world where blended exploits exist. Someone mixes a Flash vulnerability to get past your SonicWall and then an RPC vulnerability to infect every machine on your network... it happens. Where a host-based firewall would block unwanted RPC traffic before it ever reached the vulnerable DLL.

So you have to make your own evaluation there. But if you are asking whether Windows Firewall (or any host-based firewall) adds protection or is purely redundant, the answer is they do add protection. Defense in depth.
0
 

Author Closing Comment

by:bobox00
ID: 39666162
Thanks
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 39666170
@bobox00 - Thanks and I was happy to help.

.... Thinkpads_User
0
