Solved

Do you need to have Windows Firewall on if you have a hardware firewall

Posted on 2016-11-13
9
101 Views
Last Modified: 2016-11-30
If you have a hardware firewall installed like a Sophos UTM is that reason to turn off Windows firewall?  I'm curious

Thanks
0
Comment
Question by:Peterson50
9 Comments
 
LVL 93

Expert Comment

by:John Hurst
ID: 41885707
A good third party software firewall will take over from Windows Firewall. I use Symantec Endpoint and its firewall takes over from Windows Firewall. So Windows Firewall may already be disabled.

If you have no third party software firewall, there is no harm in leaving Windows Firewall intact. Just leave it.
0
 

Author Comment

by:Peterson50
ID: 41885711
My IT partner feels its okay to leave the workstation firewall disabled, its not necessary, is that accurate?
0
 
LVL 93

Accepted Solution

by:
John Hurst earned 500 total points
ID: 41885714
Yes it is fine, so long as you are always behind the Sophos Hardware Firewall. This is normally true for Desktop computers.

For any laptop that travels away from the hardware firewall, then some sort of software firewall should be on the computer.

I think that makes sense.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 18

Expert Comment

by:Mal Osborne
ID: 41885732
I would not disable the Windows firewall.  This give you protection form other machines on the network that may be infected with malware, or foreign machines connected to the LAN.
0
 
LVL 32

Expert Comment

by:Mark
ID: 41885751
Using both will be complementary to each. The hardware firewall will protect most incoming network traffic and the software firewall will be in a better  position to analyze the PC 's behaviour as it can be aware of both incoming and outgoing traffic from the PC itself i set up that way. The problem is that windows firewall doesn't do a very good job of checking outgoing traffic unless it is set up properly, not very user friendly. But using both should not be an issue. There are 3rd party software firewalls that will work better than windows firewall.
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 41885755
As I noted earlier, I use the Symantec Software Firewall and it does an excellent job on my ThinkPad.
0
 
LVL 3

Expert Comment

by:Yogesh Patel
ID: 41885857
Its safe to keep both firewall on as both firewall doing different job.

Hardware firewall provide you Gateway Level security and Windows firewall give you OS level security as it will protect you network from spreading .

Hardware level firewall validate Incoming and outgoing access and block it at Gateway Level so its dont go to you PC.

But in some cases unauthorized access through any Software download like Malware or any  Software Installation from media , your windows firewall prevent it from spreading to Network.


 Its like double layer security if you keep both on
1
 
LVL 57

Expert Comment

by:Pete Long
ID: 41886073
My $0.02

The "Turn the Windows Firewall off because we have a hardware firewall" Is ingrained in a lot of techs, because when XP SP2 came out and enabled the firewall, carnage ensued, In Microsoft's defence thats was primarily because of badly coded applications. but the practice of disabling the windows firewall has stuck ever since.

As already mentioned if you have a third party firewall software (on the client's) then by all means, disable the Windows firewall.

However: Your most vulnerable attack vector, is from within. When "Julie" in accounts clicks an email attachment and sets up some malware that starts scanning for open ports to attack, what good is you state-full firewall then! In fact I've seen the same people who disable the Windows firewall, have "permit IP any any" outbound on their corporate firewall, so they can proliferate and infect everyone else (cheers for that!)

So leave them on! If they stop something working, get Wireshark fired up and fix that problem. Disabling a firewall without having other measures to protect your endpoints, is like having a UTM firewall thats scanning for AV/AMP so you don't bother putting AV/AMP software on you clients! You wouldn't do that, so why disable the firewall?


Pete
2

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
USB ports 4 37
Calibrating x & y screen  pixel coordinates 1 39
Windows 10 Slow to recognise CD's 8 55
Seatools For Dos (Just shows FreeDos) 21 32
The Rasberry PI is a low cost piece of hardware that you can have a lot of fun with through experimenting and building/working on projects like media players, running a low cost computer, build data loggers etc. - see: https://www.raspberrypi.org
Great sound, comfort and fit, excellent build quality, versatility, compatibility. These are just some of the many reasons for choosing a headset from Sennheiser.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question