Bad boy Warrior Posted March 10, 2008
Just been reading a few articles on WS2008 and firewalls, NAP etc. I'm just wondering if anyone has enabled the default WS2008 firewall on a domain and successfully allowed clients to authenticate etc. without huge problems? Or would you say it's still not recommended enabling a FW on a domain controller?
If you have, what ports are you opening? I'm curious to know as WS2008 seems to have a lot of useful and neat features available.
Thanks

fizban2 Posted March 10, 2008
I would say enabling the FW on the DC will cause you more issues than help. The internal domain should be safeguarded at the entries from the intranet to internet or anywhere that you would deem as no safe or control on your intranet. NAP + 802.1X authentication is amazing btw.

cluberti Posted March 10, 2008
I've firewalled DCs at the host level before, but fizban is right - you have to make a LOT of holes to get it to work. A better solution is hardware firewalls throughout the network, IPSec between all domain hosts, 802.1x+Radius/IAC at switch ports and your wireless access points, and good monitoring for anomalies. Host-based firewalls are good for clients, but can be a pain on servers. I've found that 802.1x+Radius, IPSec, and hardware firewalls and DMZs where appropriate are a far better solution to keeping your network from being crunchy on the outside and chewy on the inside.

Bad boy Warrior Posted March 10, 2008
I think NAP has got me started on this as I like the idea of how it works. I think I have a good month's worth of reading on IPSEC as that seems the way to go forward at the moment.
If you guys do have any video links on IPSEC, please let me know?

cluberti Posted March 10, 2008
I don't know about video, but TechNet always has good information.

Bad boy Warrior Posted March 10, 2008
Ok, finally, how does SCW fit into all this? I'm under the impression that it's just an XML file that allows you to define a firewall policy - is this correct?