Software Firewall for Windows Server 2012

I am looking for a software firewall for WIndow Server 2012 that is easy to manage, effective and affordable.

Does anyone have any suggestions and experience with software firewalls for Windows Server 2012?
benc007Asked:
Who is Participating?
 
Adam BrownConnect With a Mentor Sr Solutions ArchitectCommented:
Most of the environments I work with are low security and run without software firewalls in place. The time/cost of tuning them to work with everything and build the rules isn't generally worth it for most small businesses that don't fall under heavy regulations, and the users tend to throw hissy fits if things suddenly stop communicating. We deal with Cisco, SonicWALL, and similar for our Edge devices, and they're pretty good to average for support. Our clients are low quality/priority targets that have never been hit with anything beyond general malware issues, so I haven't had to test the firewall support of anyone in a really long time. Well, those reasons and Perimeter defense hasn't been part of my job description in years. But I have to deal with AV regularly, and zero-day response is important.

For pricing, Sophos has a couple different versions of their endpoint protection package, which is managed through the cloud (Called Sophos Central). They start at $34 dollars a year for the standard license, which includes AV, HIPS, and Real-time protection. Advanced endpoint adds Device control (block unknown devices when plugged in, etc), Web Content filtering, traffic inspection. That costs $64 a year per user. The price drops for a longer purchase term (up to 3 years) and for larger numbers of users.

I haven't found a lot of really good AV for servers yet...most companies just throw their desktop AV solution into a "Server" package without changing much. I can't tell you how much *not* fun it is to have McAfee's "Enterprise" solution blow away the Exchange mail queue and database because someone receives an email with a virus attached. SCCM's AV package is pretty good for servers, though, particularly in a full MS environment, and Sophos, again, has a good Server package that *isn't* just a rehash of the desktop suite. It's designed to handle most server solutions without breaking them, which is helpful. If you want, shoot me a PM with your email and I can spin up a 30 day trial that should let you try out the AV and Software firewall to see if they meet your needs (The company I work for is a partner with them and a few other vendors).
0
 
RizzleCommented:
What about the built in Windows Firewall? Maybe look into something like pfSense.
0
 
pjamCommented:
What is your Anti-Virus application.  Good enterprise AV's usually have their own firewall.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
benc007Author Commented:
Roshan Ejaz - Is Windows built in firewall more reliable than a third party software firewall?
https://www.pfsense.org appears to sell only hardware firewalls, but I am looking for a software firewall.

pjam - I haven't installed an anti-virus software yet.  Do you have any anti-virus / firewall software suggestions for Windows Server 2012?
0
 
RizzleCommented:
I would definitely try Windows Firewall, we have many customers who use it.
0
 
Adam BrownSr Solutions ArchitectCommented:
Use the windows firewall. Third party software firewalls are almost unilaterally garbage (Either they are buggy and prone to false positive blocking, or they are buggy and use up too many resources). Windows Firewall works very well from Server 2008 on (Server 2003's baked in Firewall was a giant ball of dumb). It's fairly easy to use and doesn't waste resources or cause a lot of false positives, nor is it incredibly buggy. That said, logging and diagnostics in it are sub-par at best, so you do need to be able to troubleshoot without much information.
0
 
pjamCommented:
Trend Micro enterprise for AV & firewall should do the trick.  windows firewall is excellent also
0
 
benc007Author Commented:
Roshan Ejaz and acbrown2010 - the problem with using Windows firewall is that hackers can see which OS the server is running, and target firewall bugs easily since they know the default Windows firewall is likely used.

pjam - Which version of Trend Micro Enterprise AV / Firewall have you used?  What is the price?
I coudn't find pricing for Windows Server 2012 at http://store.trendmicro.com/store/tmamer/Content/pbPage.SMB?cm_sp=Lightbox-_-Where+To+Buy-_-Small+Business:Store
0
 
Adam BrownSr Solutions ArchitectCommented:
Roshan Ejaz and acbrown2010 - the problem with using Windows firewall is that hackers can see which OS the server is running, and target firewall bugs easily since they know the default Windows firewall is likely used.

Do you know this from experience or are you just making an assumption that that is possible? Firewalls generally give no response at all when blocking traffic, so I have serious doubts that one could feasibly determine firewall manufacturer from the outside as easily as you suggest. Then there's the fact that OS  can be easily determined by querying the services that are offered through the firewall. If a web server is giving IIS responses, it's on a Windows server.

Aside from that, choosing a firewall solely on the basis of making it harder to determine which firewall software you're using is nothing more than a security through obscurity tactic, and not an effective security practice. Any security software should be chosen based on features, performance, and usability. And frankly, I've yet to find any software firewall that isn't incredibly bulky, difficult to configure properly, or just plain useless.

From every bit of experience I've had with Trend Micro...look elsewhere. Trying to get support from them in the event of a breach or major emergency is a futile effort.
0
 
benc007Author Commented:
acbrown - I appreciate your feedback on Trend Micro!  Thank you.

I know this from experience.  It is easy to see the OS that is on a server, and hackers first target the default firewall by looking for bugs / breaches in the firewall which is public information as Microsoft publishes their bugs and patch fixes.  Although it isn't an effective security practice, if a different firewall is used, it offers a little more security or at least a piece of mind.  

Do you have other suggestions for software firewalls from companies that offer some support in the event of a breach?
0
 
Adam BrownConnect With a Mentor Sr Solutions ArchitectCommented:
Sophos has some pretty good support, but I don't yet have any experience with their Software Firewall. Their AV is quite capable and has good controls, so I assume the Firewall software does as well. Their support is top notch, too. All of their partners/distributors have dedicated support engineers. I haven't had to go through them for breach investigations yet, but what support I have gotten from them has been timely and precise.

Trend, on the other hand, has never responded to requests for false-positive investigations on AV in anything less than 4 weeks, at which point they demand an updated copy of whatever files we send them. And considering the fact that we have over 1000 licenses with them on a monthly payment system, that just isn't acceptable to me in any way.
0
 
benc007Author Commented:
acbrown2010 - do you usually just use Windows Firewall in Windows Server 2012?  How is support from Microsoft?

How much does Sophos AV cost?  Which other AV software do you like for Windows servers?
0
 
benc007Author Commented:
Adam Brown - thank you for your detailed answer.  I sent you a PM.
0
 
benc007Author Commented:
Hi Adam,

I am using Windows Firewall.  How can I test if I have everything set up right and that my server is secure?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.