[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Enable or disable server 2008 firewall after installation

Posted on 2014-01-20
3
Medium Priority
?
234 Views
Last Modified: 2014-02-17
Hello,

Over the weekend I've made changes to an exchange server, all went well but when I was setting it up I noticed the Windows firewall was disabled. So I enabled it and opened the ports I needed,  
Today I get a call that some software package isn't working anymore, I immediately thought that the firewall might be blocking it, and I was right, disabling the firewall fixed it.
I asked the software provider to give me a list of the ports I need to open to make their software work, but they tell me they  always just disable the firewall..
What is the best practice here? Ok, there is a router behind the server running NAT but I always tend to enable the firewall and just configure it correctly.

What is your opinion?
0
Comment
Question by:Benderama
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 14

Accepted Solution

by:
Alex Green earned 1000 total points
ID: 39793626
On an internal network it's normally best to have the firewall disabled mainly for this reason. Plus you have a hardware firewall blocking the network from the internet so it'll be harder to get through that firewall than your windows firewall.

If however you still want to find the ports, either use NETSTAT or go into your resource monitor (task manager, then performance, button in there) and see what ports it's using and then use group policy to enforce your firewall rules.
0
 
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 1000 total points
ID: 39793712
I couldn't disagree more, a host-based firewall can stop blended threats that can get by a network firewall. Just look at the Java/yahoo issue a few weeks ago as an example.

In the same place where you can enable or disable the firewall, you can turn on logging for denied packets. Turn on logging, fire up the app and let it fail, then turn logging off. You now have a nice file with some blocked traffic to create a new rule. You may have to do this process multiple times if the app creates secondary connections only after a successful primary connection, as they'd still be blocked, but would not have been attempted during your first capture.

So rinse and repeat. Create a rule, test. If it fails, capture again. It is usually pretty easy to get good firewall rules that allow an app to work while still protecting the host.
0
 

Author Closing Comment

by:Benderama
ID: 39865666
2 reactions, 2 diffrent opinions... well I chose to enable to firewall and set it up like it should be imo..
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question