
Firewall on Domain



#1
Bad boy Warrior

Just been reading a few articles on WS2008 and firewalls, NAP etc. I'm just wondering if anyone has enabled the default WS2008 firewall on a domain and successfully allowed clients to authenticate etc. without huge problems? Or would you say it's still not recommended to enable a FW on a domain controller?

If you have, what ports are you opening? I'm curious to know, as WS2008 seems to have a lot of useful and neat features available.

Thanks
I say what I do and do what I mean - Heat



#2
fizban2

I would say enabling the FW on the DC will cause you more issues than help. The internal domain should be safeguarded at the entries from the intranet to internet or anywhere that you would deem as not safe or controlled on your intranet. NAP + 802.1X authentication is amazing btw :)

#3
cluberti

I've firewalled DCs at the host level before, but fizban is right - you have to make a LOT of holes to get it to work. A better solution is hardware firewalls throughout the network, IPSec between all domain hosts, 802.1x+Radius/IAC at switch ports and your wireless access points, and good monitoring for anomalies. Host-based firewalls are good for clients, but can be a pain on servers. I've found that 802.1x+Radius, IPSec, and hardware firewalls and DMZs where appropriate are a far better solution to keeping your network from being crunchy on the outside and chewy on the inside.
MCTS Windows Internals, MCITP Server 2008 EA, MCTS MDT/BDD, MCSE/MCSA Server 2003, Server 2012, Windows 8

#4
Bad boy Warrior

I think NAP has got me started on this as I like the idea of how it works. I think I have a good month's worth of reading on IPSEC as that seems the way to go forward at the moment.

If you guys do have any video links on IPSEC please let me know?

#5
cluberti

I don't know about video, but technet always has good information.

#6
Bad boy Warrior

OK, finally, how does SCW fit into all this? I'm under the impression that it's just an XML file that allows you to define a firewall policy - is this correct?