Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Enable or disable server 2008 firewall after installation

Posted on 2014-01-20
3
222 Views
Last Modified: 2014-02-17
Hello,

Over the weekend I've made changes to an exchange server, all went well but when I was setting it up I noticed the Windows firewall was disabled. So I enabled it and opened the ports I needed,  
Today I get a call that some software package isn't working anymore, I immediately thought that the firewall might be blocking it, and I was right, disabling the firewall fixed it.
I asked the software provider to give me a list of the ports I need to open to make their software work, but they tell me they  always just disable the firewall..
What is the best practice here? Ok, there is a router behind the server running NAT but I always tend to enable the firewall and just configure it correctly.

What is your opinion?
0
Comment
Question by:Benderama
3 Comments
 
LVL 9

Accepted Solution

by:
Alex Green earned 250 total points
ID: 39793626
On an internal network it's normally best to have the firewall disabled mainly for this reason. Plus you have a hardware firewall blocking the network from the internet so it'll be harder to get through that firewall than your windows firewall.

If however you still want to find the ports, either use NETSTAT or go into your resource monitor (task manager, then performance, button in there) and see what ports it's using and then use group policy to enforce your firewall rules.
0
 
LVL 57

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 39793712
I couldn't disagree more, a host-based firewall can stop blended threats that can get by a network firewall. Just look at the Java/yahoo issue a few weeks ago as an example.

In the same place where you can enable or disable the firewall, you can turn on logging for denied packets. Turn on logging, fire up the app and let it fail, then turn logging off. You now have a nice file with some blocked traffic to create a new rule. You may have to do this process multiple times if the app creates secondary connections only after a successful primary connection, as they'd still be blocked, but would not have been attempted during your first capture.

So rinse and repeat. Create a rule, test. If it fails, capture again. It is usually pretty easy to get good firewall rules that allow an app to work while still protecting the host.
0
 

Author Closing Comment

by:Benderama
ID: 39865666
2 reactions, 2 diffrent opinions... well I chose to enable to firewall and set it up like it should be imo..
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question