Hello Paul,
The definitions are made for home (PRIVATE), the overall internet, an internet cafe
for example (PUBLIC), and DOMAIN, as the name itself describes. So you have 3 different
profiles you can configure for your users' needs.
You should NOT multihome any DC. The only exception is SBS; this is especially
built for different configuration options than the normal server versions.
See here about multihoming:
http://msmvps.com/blogs/acefekay/arc...-adapters.aspx
Additionally, start here for the Windows Firewall:
http://technet.microsoft.com/en-us/n.../bb545423.aspx
http://www.windowsnetworking.com/art...C-snap-in.html
Also the Windows Firewall Newsgroup should be the better place for your questions:
http://www.microsoft.com/communities...&lang=en&cr=US
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
> Hi All,
>
> I am having difficulty understanding the firewall in Windows Server
> 2008 and wondering if anyone can enlighten me.
>
> Honestly speaking, I think this new firewall presents its own set of
> security issues as it is more likely that a misconfiguration will open
> the firewall over securing it. Having worked with ISA, Astaro, BIND
> DNS, and many other different apparatus and understand the concept of
> a perimeter wall, and the freedom to define the perimeter, but W2008FW
> has this predefined in PRIVATE/PUBLIC/DOMAIN.
>
> So my first question is what are the above definitions (ACLs) and how
> do I work with them?
>
> How do they relate to multihomed DCs? For example, I would expect to
> define the external adapter as PUBLIC, and proceed with a hardening
> of the wall on the external addresses, and Private the local net (e.g.
> 192.168.1.0/24), which I would like to open up to access our
> applications.
>
> However whatever I do seems to produce weird and strange results.
>
> To let you know what I am trying to do:
>
> 1. Open POP3 in on the external adapter only.
> 2. Open HTTP/HTTPS in on the external adapter only.
> I tried to simply allow 110 across all profiles on external adapter
> only but email clients have problems logging in. Same as HTTP. When I
> do an IP scan it says the ports are open. Confusing.
>