Ok to turn off firewall on DC or no?

Posted on 2013-11-04
Medium Priority
Last Modified: 2013-11-21
I have Windows 2012 and 2008 DC's. Have two domains A and B on my network and they have been configured for two way interdomain trust. Had problems getting to shared drives in domain B from users logged into domain A today. This problem was resolved when I disabled firewall on domain controller for A. Is it okay to leave the firewall for domain controllers turned off? They are behind a SonicWall firewall.
Question by:bobox00
  • 2
LVL 101

Accepted Solution

Anonymous earned 1000 total points
ID: 39623154
If your SonicWall firewall is configured to reject unwanted attacks and intrusions (DDOS attacks, reject SMTP Port 25 general use, etc.) then you are probably OK.

Better:  Configure the Windows Firewall to allow the shared drives to work. You know it is a firewall issue, so allow the IP ranges of the servers on all normal ports and that should work. Try this and leave the firewalls on if you can.

... Thinkpads_User
LVL 61

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 1000 total points
ID: 39623192
Whether it is "ok" is purely a measure of your company's risk tolerance. Some companies are okay with it. Some wouldn't be.

For me personally, I think host-based firewalls serve a purpose, even behind a edge firewall. We live in a world where blended exploits exist. Someone mixes a flash vulnerability to get past your SonicWall and then an RPC vulnerability to infect every machine on your network....it happens. Where a host-based firewall would block unwanted RPC traffic before it ever reached the vulnerable dll.

So you have to make your own evaluation there. But if you are asking whether windows firewall (or any host based firewall) adds protection or is purely redundant, the answer is they do add protection. Defense in-depth.

Author Closing Comment

ID: 39666162
LVL 101

Expert Comment

ID: 39666170
@bobox00 - Thanks and I was happy to help.

.... Thinkpads_User

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question