Windows Server 2008 Firewall
Hi guys,
I have a problem with one of my
servers.
We have disabled the Windows Firewall
because we have other security solutions.
By cons, it was a reboot
earlier this week, to maintain the server
and the firewall is activated
alone. This caused problems with
our network. So we turned off
the firewall and everything returned to normal.
I want to know why the firewall would
be activated automatically,
there is no group policy for the server.
Thank you!
May 31st, 2012 9:35am
1) By disabling the firewall, perhaps the service was stopped and not set to disabled. Thus allowing it to start when a reboot occurred.
2) If this is WS2008+, Check "Action Center" in the Control Panel. Some of those settings allow for automatic remediation.
3) There are a number of other products out there (SCCM, Tripwire) that will automatically change/revert settings. Verify that this particular incident wasn't caused by one of your other products.
Free Windows Admin Tool Kit Click here and download it now
May 31st, 2012 3:56pm
The only thing that is installed
on the server is vCenter and vSphere
Client
May 31st, 2012 4:18pm
nooooo:
a) do NOT disable the Windows Firewall service. It is an essential service for the advanced filtering platform and MUST remain running. If you stop or disable the service, there is still a firewall driver inside kernel which switches into some "lockdown
mode" and blocks incoming traffic to prevent attacks which kill the windows firewall service process.
b) go into the properties of the firewall instead and disable the firewall functionality by using the GUI for all three profiles
c) you can also consider the Allow/Allow setting instead - if you leave firewall enabled, but configure it so that it allows all the traffic, it is still operating, can use IPSec and also inspects "packet quality". So this is a better solution than completelly
disabling firewall
d) there may be some applications generally, that enable firewall (or NAP for instance). If you want to configure firewall forcibly, use either local GPO or a domain based GPO instead.
o.
Free Windows Admin Tool Kit Click here and download it now
June 1st, 2012 4:10am
nooooo:
a) do NOT disable the Windows Firewall service. It is an essential service for the advanced filtering platform and MUST remain running. If you stop or disable the service, there is still a firewall driver inside kernel which switches into some "lockdown
mode" and blocks incoming traffic to prevent attacks which kill the windows firewall service process.
b) go into the properties of the firewall instead and disable the firewall functionality by using the GUI for all three profiles
c) you can also consider the Allow/Allow setting instead - if you leave firewall enabled, but configure it so that it allows all the traffic, it is still operating, can use IPSec and also inspects "packet quality". So this is a better solution than completelly
disabling firewall
d) there may be some applications generally, that enable firewall (or NAP for instance). If you want to configure firewall forcibly, use either local GPO or a domain based GPO instead.
o.
June 1st, 2012 4:16am