Solved

Ok to turn off firewall on DC or no?

Posted on 2013-11-04
4
420 Views
Last Modified: 2013-11-21
I have Windows 2012 and 2008 DC's. Have two domains A and B on my network and they have been configured for two way interdomain trust. Had problems getting to shared drives in domain B from users logged into domain A today. This problem was resolved when I disabled firewall on domain controller for A. Is it okay to leave the firewall for domain controllers turned off? They are behind a SonicWall firewall.
0
Comment
Question by:bobox00
  • 2
4 Comments
 
LVL 90

Accepted Solution

by:
John Hurst earned 250 total points
ID: 39623154
If your SonicWall firewall is configured to reject unwanted attacks and intrusions (DDOS attacks, reject SMTP Port 25 general use, etc.) then you are probably OK.

Better:  Configure the Windows Firewall to allow the shared drives to work. You know it is a firewall issue, so allow the IP ranges of the servers on all normal ports and that should work. Try this and leave the firewalls on if you can.

... Thinkpads_User
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 39623192
Whether it is "ok" is purely a measure of your company's risk tolerance. Some companies are okay with it. Some wouldn't be.

For me personally, I think host-based firewalls serve a purpose, even behind a edge firewall. We live in a world where blended exploits exist. Someone mixes a flash vulnerability to get past your SonicWall and then an RPC vulnerability to infect every machine on your network....it happens. Where a host-based firewall would block unwanted RPC traffic before it ever reached the vulnerable dll.

So you have to make your own evaluation there. But if you are asking whether windows firewall (or any host based firewall) adds protection or is purely redundant, the answer is they do add protection. Defense in-depth.
0
 

Author Closing Comment

by:bobox00
ID: 39666162
Thanks
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 39666170
@bobox00 - Thanks and I was happy to help.

.... Thinkpads_User
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

Recently, I was assigned the task of performing a hardware refresh in the datacenter. The previous Windows 2008 systems were connected to the SAN via fiber channel HBA’s and among other thing, had PowerPath installed in order to provide sufficient f…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now