Re: Windows Server 2008 Firewall ?




Hello Paul,

The definitions are made for home (PRIVATE), the overall internet, an internet cafe for example (PUBLIC), and DOMAIN, as the name itself describes. So you have 3 different profiles you can configure for your users' needs.

You should NOT multihome any DC. The only exception is SBS, which is especially built for different configuration options than the normal server versions. See here about multihoming:
http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

Additionally, start here for the Windows Firewall:
http://technet.microsoft.com/en-us/network/bb545423.aspx

http://www.windowsnetworking.com/articles_tutorials/configure-Windows-Server-2008-advanced-firewall-MMC-snap-in.html

Also the Windows Firewall Newsgroup should be the better place for your questions:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.networking.firewall&cat=en_US_33705571-5966-4446-87c3-318b36fe738c&lang=en&cr=US



Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Hi All,

I am having difficulty understanding the firewall in Windows Server
2008 and wondering if anyone can enlighten me.

Honestly speaking, I think this new firewall presents its own set of
security issues as it is more likely that a misconfiguration will open
the firewall over securing it. I have worked with ISA, Astaro, BIND
DNS, and many other different apparatus and understand the concept of
a perimeter wall, and the freedom to define the perimeter, but W2008FW
has this predefined in PRIVATE/PUBLIC/DOMAIN.

So my first question is what are the above definitions (ACLs) and how
do I work with them?

How do they relate to multihomed DCs? For example, I would expect to
define the external adapter as PUBLIC, and proceed with a hardening
of the wall on the external addresses, and Private the local net (e.g.
192.168.1.0/24), which I would like to open up to access our
applications.

However whatever I do seems to produce weird and strange results.

To let you know what I am trying to do:

1. Open POP3 in on the external adapter only.
2. Open HTTP/HTTPS in on the external adapter only.
I tried to simply allow 110 across all profiles on the external adapter
only but email clients have problems logging in. Same as HTTP. When I
do an IP scan it says the ports are open. Confusing.
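
The scoping asked about above, written as `netsh advfirewall` commands; this is an added example, not part of either post. It checks which profile is in effect, allows POP3 and HTTP/HTTPS inbound only to the external adapter's address regardless of profile, and turns on drop logging so unexpected results can be traced. The address 203.0.113.10 and the rule names are constructed placeholders.

```bat
@echo off
rem Added example for an elevated command prompt on Windows Server 2008.
rem EXT_IP is a constructed placeholder for the external adapter's address.
set EXT_IP=203.0.113.10

rem 1. Show which profile (Domain/Private/Public) is currently in effect.
rem    On Server 2008 (pre-R2) one profile applies to the whole computer,
rem    so a per-adapter PUBLIC/PRIVATE split cannot be relied on.
netsh advfirewall show currentprofile

rem 2. Scope the rules to the external adapter by its local address
rem    instead of by profile. profile=any keeps the rule effective
rem    whichever profile Windows has selected.
netsh advfirewall firewall add rule name="POP3 in (external)" ^
    dir=in action=allow protocol=TCP localport=110 ^
    localip=%EXT_IP% profile=any

netsh advfirewall firewall add rule name="HTTP-HTTPS in (external)" ^
    dir=in action=allow protocol=TCP localport=80,443 ^
    localip=%EXT_IP% profile=any

rem 3. Log dropped connections for the active profile so that a client
rem    failure can be matched to a firewall drop (or ruled out).
netsh advfirewall set currentprofile logging droppedconnections enable

rem 4. Review what was actually created, including address scope.
netsh advfirewall firewall show rule name="POP3 in (external)" verbose
netsh advfirewall firewall show rule name="HTTP-HTTPS in (external)" verbose
```

If a port scan reports the ports open while clients still fail to log in, the drop log shows whether the firewall is involved at all or whether the problem sits with the listening service.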





