Windows 2008 R2 Firewall or Not
Hi all, I am in the process of deciding if we should enable firewalls on our Windows 2008 R2 servers. We have 25 servers in production with around 1200 clients. In the past we've never had firewalls enabled internally, but I'm thinking it's time we step up our security. I'd just like to get everyone's thoughts on this, whether you use or don't use a firewall on your internal network. Regards, Mark
June 17th, 2010 4:42am

Hello, if you use the firewall you have to ensure that all ports are opened for AD replication and all other services you use, RDP, NTP, SMTP, etc. Our networks are separated from the internet and we don't use the firewalls. We have some strict policies for the users that they have to sign, and until now that way works. But this depends on you. Also, with internet access from the internal network you should have a central firewall like CISCO ASA, for example. Best regards, Meinolf Weber. Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
June 17th, 2010 12:09pm

Hello Mark, “Use or don't use firewall should be a function of how much you have to lose if an attack is successful” I would suggest you read this article: Firewalls, by Tony Northrup http://technet.microsoft.com/en-us/library/cc700820.aspx#XSLTsection124121120120 Best regards, Harry. This posting is provided "AS IS" with no warranties, and confers no rights.
June 17th, 2010 12:18pm

Hello Mark, My recommendation is for you to spend some time in the lab on this one. Enabling the firewalls on the servers and/or clients from the textbook perspective may sound relatively easy. However, you really need to have a clear understanding of which applications are running on the network and what their dependencies are. At the very minimum, most will usually place a perimeter firewall to protect the internal network from the public internet traffic. Many take it a step further and create a "Secure Zone" on the internal network by placing a firewall internally as well. You would then move all of the servers into this "Secure Zone". Then simply create firewall rules to allow access to the services provided by these servers. This centralized approach works well when you have custom rules per server. If you simply apply a GPO to set the firewall rules on the local firewalls running on the servers, you will have to ensure that the rules you put in place will work for all of the servers. Otherwise, you will find yourself creating multiple GPOs and a lot of custom configuration to get the local firewalls running. So, it is really going to depend on your current and future application portfolio. You should read the article written by Tony Northrup. It's a pretty good summary. Visit: anITKB.com, an IT Knowledge Base.
June 17th, 2010 5:36pm
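The lab inventory and the one-GPO-versus-many question raised in the post above, as an added example that is not part of the original thread: it parses `netstat -ano` listings, finds the inbound TCP ports every server shares (one baseline GPO), and groups servers by what they need beyond that. The server names and listings are constructed sample data, and the rule names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample data: trimmed `netstat -ano` output, hypothetical servers.
SAMPLES = {
    "DC01": """
  TCP    0.0.0.0:88         0.0.0.0:0          LISTENING    500
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING    700
  TCP    0.0.0.0:389        0.0.0.0:0          LISTENING    500
  TCP    0.0.0.0:3389       0.0.0.0:0          LISTENING    1100
  TCP    10.0.0.5:3389      10.0.0.77:50112    ESTABLISHED  1100""",
    "MAIL01": """
  TCP    0.0.0.0:25         0.0.0.0:0          LISTENING    2200
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING    700
  TCP    0.0.0.0:3389       0.0.0.0:0          LISTENING    1100
  TCP    127.0.0.1:8005     0.0.0.0:0          LISTENING    2300""",
    "FILE01": """
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING    700
  TCP    0.0.0.0:445        0.0.0.0:0          LISTENING    4
  TCP    [::]:3389          [::]:0             LISTENING    1100""",
    "FILE02": """
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING    700
  TCP    0.0.0.0:445        0.0.0.0:0          LISTENING    4
  TCP    0.0.0.0:3389       0.0.0.0:0          LISTENING    1100""",
}
LISTEN = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+\d+\s*$")

def listening_ports(netstat_text):
    """TCP ports a host listens on; loopback-only listeners need no rule."""
    ports = set()
    for line in netstat_text.splitlines():
        m = LISTEN.match(line)
        if m and m.group(1) not in ("127.0.0.1", "[::1]"):
            ports.add(int(m.group(2)))
    return ports

def plan_gpos(inventory):
    """Baseline = ports common to all servers; group hosts by their extras."""
    baseline = set.intersection(*inventory.values())
    groups = defaultdict(list)
    for host, ports in sorted(inventory.items()):
        groups[frozenset(ports - baseline)].append(host)
    return baseline, dict(groups)

def netsh_rule(name, ports):
    """Render one inbound allow rule in netsh advfirewall syntax."""
    plist = ",".join(str(p) for p in sorted(ports))
    return ('netsh advfirewall firewall add rule name="%s" dir=in '
            'action=allow protocol=TCP localport=%s' % (name, plist))
```

A listening port is only a candidate for a rule: confirm each one against the application that owns it before allowing it, since a static snapshot will not show dynamically assigned ports.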

Hi all, Sorry for the late reply. Thanks for the responses, it's been great. Cheers, Mark
June 28th, 2010 1:53am

This topic is archived. No further replies will be accepted.
