Bad boy Warrior

Firewall on Domain

6 posts in this topic

Just been reading a few articles on WS2008 and firewalls, NAP etc. I'm just wondering if anyone has enabled the default WS2008 firewall on a domain and successfully allowed clients to authenticate etc. without huge problems? Or would you say it's still not recommended enabling a FW on a domain controller?

If you have, what ports are you opening? I'm curious to know, as WS2008 seems to have a lot of useful and neat features available.

Thanks


I would say enabling the FW on the DC will cause you more issues than help. The internal domain should be safeguarded at the entries from the intranet to internet or anywhere that you would deem as not safe or control on your intranet. NAP + 802.1X authentication is amazing btw :)


I've firewalled DCs at the host level before, but fizban is right - you have to make a LOT of holes to get it to work. A better solution is hardware firewalls throughout the network, IPSec between all domain hosts, 802.1x+Radius/IAC at switch ports and your wireless access points, and good monitoring for anomalies. Host-based firewalls are good for clients, but can be a pain on servers. I've found that 802.1x+Radius, IPSec, and hardware firewalls and DMZs where appropriate are a far better solution to keeping your network from being crunchy on the outside and chewy on the inside.


I think NAP has got me started on this, as I like the idea of how it works. I think I have a good month's worth of reading on IPSEC, as that seems the way to go forward at the moment.

If you guys do have any video links on IPSEC please let me know?


I don't know about video, but TechNet always has good information.


OK, finally, how does SCW fit into all this? I'm under the impression that it's just an XML file that allows you to define a firewall policy - is this correct?
