Software Firewall for Windows Server 2012

What about the built in Windows Firewall? Maybe look into something like pfSense.

What is your Anti-Virus application.  Good enterprise AV's usually have their own firewall.

Roshan Ejaz - Is Windows built in firewall more reliable than a third party software firewall?
https://www.pfsense.org appears to sell only hardware firewalls, but I am looking for a software firewall.

pjam - I haven't installed an anti-virus software yet.  Do you have any anti-virus / firewall software suggestions for Windows Server 2012?

I would definitely try Windows Firewall, we have many customers who use it.

Use the windows firewall. Third party software firewalls are almost unilaterally garbage (Either they are buggy and prone to false positive blocking, or they are buggy and use up too many resources). Windows Firewall works very well from Server 2008 on (Server 2003's baked in Firewall was a giant ball of dumb). It's fairly easy to use and doesn't waste resources or cause a lot of false positives, nor is it incredibly buggy. That said, logging and diagnostics in it are sub-par at best, so you do need to be able to troubleshoot without much information.

Trend Micro enterprise for AV & firewall should do the trick.  windows firewall is excellent also

Roshan Ejaz and acbrown2010 - the problem with using Windows firewall is that hackers can see which OS the server is running, and target firewall bugs easily since they know the default Windows firewall is likely used.

pjam - Which version of Trend Micro Enterprise AV / Firewall have you used?  What is the price?
I coudn't find pricing for Windows Server 2012 at http://store.trendmicro.com/store/tmamer/Content/pbPage.SMB?cm_sp=Lightbox-_-Where+To+Buy-_-Small+Business:Store

Roshan Ejaz and acbrown2010 - the problem with using Windows firewall is that hackers can see which OS the server is running, and target firewall bugs easily since they know the default Windows firewall is likely used.

Do you know this from experience or are you just making an assumption that that is possible? Firewalls generally give no response at all when blocking traffic, so I have serious doubts that one could feasibly determine firewall manufacturer from the outside as easily as you suggest. Then there's the fact that OS  can be easily determined by querying the services that are offered through the firewall. If a web server is giving IIS responses, it's on a Windows server.

Aside from that, choosing a firewall solely on the basis of making it harder to determine which firewall software you're using is nothing more than a security through obscurity tactic, and not an effective security practice. Any security software should be chosen based on features, performance, and usability. And frankly, I've yet to find any software firewall that isn't incredibly bulky, difficult to configure properly, or just plain useless.

From every bit of experience I've had with Trend Micro...look elsewhere. Trying to get support from them in the event of a breach or major emergency is a futile effort.

acbrown - I appreciate your feedback on Trend Micro!  Thank you.

I know this from experience.  It is easy to see the OS that is on a server, and hackers first target the default firewall by looking for bugs / breaches in the firewall which is public information as Microsoft publishes their bugs and patch fixes.  Although it isn't an effective security practice, if a different firewall is used, it offers a little more security or at least a piece of mind.  

Do you have other suggestions for software firewalls from companies that offer some support in the event of a breach?

acbrown2010 - do you usually just use Windows Firewall in Windows Server 2012?  How is support from Microsoft?

How much does Sophos AV cost?  Which other AV software do you like for Windows servers?

Adam Brown - thank you for your detailed answer.  I sent you a PM.

Hi Adam,

I am using Windows Firewall.  How can I test if I have everything set up right and that my server is secure?