The latest SP1 for Server 2003 comes with the Windows Firewall, which is not
enabled by default. When I refer to the Technet info on this enhancement,
I have several doubts about this FW and would appreciate it if someone can
help me.
My questions are on the deployment of the Windows Firewall for internal
servers:
* I'll use a third-party proven firewall for servers connected to internet.
a. The firewall requires definition of program or port exceptions for
unsolicited traffic. However, most traffic to a server from clients will be
'unsolicited', because the traffic will not be initiated from the server?
b. In the above case, do we end up having a long list of workstations' IP
addresses to define in the exception list?
c. How does one manage all the firewalls in several servers in a server farm?
d. Even in an AD environment, if there are different exception lists for
different servers, such as an application server, I would still have to
define different domain profiles for each of them.
Will be grateful for advice on the above.
TIA.
Chris S.
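As an added illustration of points a and b above (this is not code from the thread or from Microsoft's documentation), the following script uses the `netsh firewall` context that ships with Server 2003 SP1 to enable the domain profile and admit client-initiated traffic by address scope instead of by enumerating every workstation. The listening port (TCP 8080), the program path and the client range 10.0.0.0/8 are placeholders chosen for the example.

```batch
@echo off
rem Added example, not part of the original thread. Configures the Server 2003
rem SP1 Windows Firewall so that client-initiated ("unsolicited") traffic is
rem admitted by scope rather than by listing each workstation address.
rem Assumed placeholders: service on TCP 8080, binary C:\AppServer\appsrv.exe,
rem client workstations in 10.0.0.0/8.

rem 1. Turn the firewall on for the domain profile and keep exceptions active.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=DOMAIN

rem 2. Open the service port, limited to the client address ranges.
rem    scope=CUSTOM accepts a comma-separated list of hosts, subnets in
rem    CIDR or mask notation, and the keyword LocalSubnet, so one entry
rem    covers thousands of workstations.
netsh firewall add portopening protocol=TCP port=8080 name="App Server" mode=ENABLE scope=CUSTOM addresses=10.0.0.0/8,LocalSubnet profile=DOMAIN

rem 3. Alternative: allow the program itself (whatever ports it listens on),
rem    restricted to the local subnet only.
netsh firewall add allowedprogram program="C:\AppServer\appsrv.exe" name="App Server" mode=ENABLE scope=SUBNET profile=DOMAIN

rem 4. Log dropped packets so that a missing exception shows up in the log
rem    rather than as an unexplained client timeout.
netsh firewall set logging filelocation="%SystemRoot%\pfirewall.log" maxfilesize=4096 droppedpackets=ENABLE connections=DISABLE

rem 5. Review the resulting exception list and operational state.
netsh firewall show config
netsh firewall show state
```

For a farm of servers (point c), the same exceptions can be delivered centrally through Group Policy under Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile: the "Define port exceptions" setting takes entries in the form `8080:TCP:10.0.0.0/8:enabled:App Server`. Linking a separate GPO to the OU of each server role is how different roles receive different exception lists while every machine still runs the single domain profile, which addresses point d without defining additional profiles.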
To answer your question the following extract from one of the links [the
example I pasted above] mentions the onerous tasks you state. There might
not be an ideal solution.
Hope this helps.
In addition, Windows Firewall is designed to be a supplemental security
solution; it should be part of a security architecture that implements a
variety of security technologies. For more information, see Best Practices
for Administering Windows Firewall.
You might not want to start Windows Firewall if a server requires you to
open numerous ports or allow a large number of applications and services to
receive unsolicited traffic. Because a significant volume of network traffic
will be allowed to pass through Windows Firewall anyway, by disabling
Windows Firewall, you eliminate the operational overhead associated with
Windows Firewall configuration and maintenance. You also avoid any
performance impact related to Windows Firewall. However, you should closely
evaluate the design of any client or server that requires you to open
numerous ports. Clients and servers that are configured for numerous roles
or to provide numerous services can be a critical point of failure in your
organization and usually indicate poor infrastructure design.
--
Stephen Cartwright [MSFT]
"This posting is provided "AS IS" with no warranties, and confers no
rights."
"Chris S." <Chr...@discussions.microsoft.com> wrote in message
news:51255544-D82A-4572...@microsoft.com...