Windows Server 2008 R2 Thread, Keep firewall enabled? in Technical; Adding my first 2008 R2 DC to my domain my 2003 DC's don't have the microsoft firewall enabled should I ...
18th February 2010, 04:36 PM #1
Keep firewall enabled?
Adding my first 2008 R2 DC to my domain my 2003 DC's don't have the microsoft firewall enabled should I leave it enabled on the 2008 R2 DC or not?
Clients all have firewall enabled.
18th February 2010, 09:12 PM #2
Yes I would, just because it is inside the network does not make it safe and the firewall will add an extra little bit of protection. Server2k8 is quite good at opening up ports that it needs for its own services and many other thrid party server applications are now firewall aware and will open up their required ports on install. There is the occational program that needs an exception added manually but this is a small hassle compared to reinstalling the whole thing if it gets comped by a worm loose inside the network.
18th February 2010, 09:14 PM #3
I have the firewall enabled on all our 2k8 Servers, Extra bit of protection especially these days with the amount of viruses people seem to aquire... just to be on the safe side.
As Synack Said, Server 2k8 is pretty good at opening the ports it requires.
18th February 2010, 09:34 PM #4
Windows firewall, waste of time, I always turn them off, cause too many problems
18th February 2010, 09:39 PM #5
likewise, did that before.. but seriously they don't seem to upset things in 2k8
Originally Posted by IanT
18th February 2010, 09:42 PM #6
Have it enabled on my 2008 and 2008R2 boxes. Never did on 2003, but having had a worm, and seen how many viruses get picked up by Sophos on kids and staff USB drives I now prefer to have that little extra protection just in case another Worm gets in....
Did have one issue where the Ports needed for Netlogon replication didn't get opened on our 2008R2 DC box (2008 DC was okay though). Didn't spot it for a while, when I did though it explained a few things....
Oh, and another issue I had was that when I used GPOs to control the server firewalls it went a bit wrong and I had total lockdown. A bit of googling turned up similar problems, and the general consensus was to manually allow things on each server rather than via GPO, worked fine ever since. Can't remember what these extra ports were now, as mentioned above most Apps tend to open the ports themselves on install, and Windows does if adding roles/features.
18th February 2010, 10:08 PM #7
We keep them enabled. If you have it enabled it slows the confikr worm right down.
As others have said its much better regarding ports than previous versions
18th February 2010, 11:16 PM #8
Agree with all the above, keep it on. Especially with Conficker about ..... our biggest mistake here was turning it off and we got infected with it!
18th February 2010, 11:43 PM #9
Never had a problem with Windows Firewall, client or server. It tends to be the third party firewalls that are a bit overzealous. Definitely enabled.
Last Post: 18th August 2009, 02:39 PM
By TheFopp in forum Windows Server 2000/2003
Last Post: 30th January 2009, 06:25 PM
By Scotmk in forum Web Development
Last Post: 19th October 2007, 02:49 PM
By sidewinder in forum Wireless Networks
Last Post: 17th October 2007, 11:05 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)