Solved

Enable or disable server 2008 firewall after installation

Posted on 2014-01-20
3
226 Views
Last Modified: 2014-02-17
Hello,

Over the weekend I've made changes to an exchange server, all went well but when I was setting it up I noticed the Windows firewall was disabled. So I enabled it and opened the ports I needed,  
Today I get a call that some software package isn't working anymore, I immediately thought that the firewall might be blocking it, and I was right, disabling the firewall fixed it.
I asked the software provider to give me a list of the ports I need to open to make their software work, but they tell me they  always just disable the firewall..
What is the best practice here? Ok, there is a router behind the server running NAT but I always tend to enable the firewall and just configure it correctly.

What is your opinion?
0
Comment
Question by:Benderama
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 11

Accepted Solution

by:
Alex Green earned 250 total points
ID: 39793626
On an internal network it's normally best to have the firewall disabled mainly for this reason. Plus you have a hardware firewall blocking the network from the internet so it'll be harder to get through that firewall than your windows firewall.

If however you still want to find the ports, either use NETSTAT or go into your resource monitor (task manager, then performance, button in there) and see what ports it's using and then use group policy to enforce your firewall rules.
0
 
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 39793712
I couldn't disagree more, a host-based firewall can stop blended threats that can get by a network firewall. Just look at the Java/yahoo issue a few weeks ago as an example.

In the same place where you can enable or disable the firewall, you can turn on logging for denied packets. Turn on logging, fire up the app and let it fail, then turn logging off. You now have a nice file with some blocked traffic to create a new rule. You may have to do this process multiple times if the app creates secondary connections only after a successful primary connection, as they'd still be blocked, but would not have been attempted during your first capture.

So rinse and repeat. Create a rule, test. If it fails, capture again. It is usually pretty easy to get good firewall rules that allow an app to work while still protecting the host.
0
 

Author Closing Comment

by:Benderama
ID: 39865666
2 reactions, 2 diffrent opinions... well I chose to enable to firewall and set it up like it should be imo..
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question