Solved

Enable or disable server 2008 firewall after installation

Posted on 2014-01-20
3
214 Views
Last Modified: 2014-02-17
Hello,

Over the weekend I've made changes to an exchange server, all went well but when I was setting it up I noticed the Windows firewall was disabled. So I enabled it and opened the ports I needed,  
Today I get a call that some software package isn't working anymore, I immediately thought that the firewall might be blocking it, and I was right, disabling the firewall fixed it.
I asked the software provider to give me a list of the ports I need to open to make their software work, but they tell me they  always just disable the firewall..
What is the best practice here? Ok, there is a router behind the server running NAT but I always tend to enable the firewall and just configure it correctly.

What is your opinion?
0
Comment
Question by:Benderama
3 Comments
 
LVL 6

Accepted Solution

by:
alexgreen312 earned 250 total points
ID: 39793626
On an internal network it's normally best to have the firewall disabled mainly for this reason. Plus you have a hardware firewall blocking the network from the internet so it'll be harder to get through that firewall than your windows firewall.

If however you still want to find the ports, either use NETSTAT or go into your resource monitor (task manager, then performance, button in there) and see what ports it's using and then use group policy to enforce your firewall rules.
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 39793712
I couldn't disagree more, a host-based firewall can stop blended threats that can get by a network firewall. Just look at the Java/yahoo issue a few weeks ago as an example.

In the same place where you can enable or disable the firewall, you can turn on logging for denied packets. Turn on logging, fire up the app and let it fail, then turn logging off. You now have a nice file with some blocked traffic to create a new rule. You may have to do this process multiple times if the app creates secondary connections only after a successful primary connection, as they'd still be blocked, but would not have been attempted during your first capture.

So rinse and repeat. Create a rule, test. If it fails, capture again. It is usually pretty easy to get good firewall rules that allow an app to work while still protecting the host.
0
 

Author Closing Comment

by:Benderama
ID: 39865666
2 reactions, 2 diffrent opinions... well I chose to enable to firewall and set it up like it should be imo..
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
lync 2013 7 54
People keep losing connection to file server 4 55
What is this Task? 4 85
Send Message to connected users 3 34
Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now