Firewalls on VPNs - Best Practice Advice

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi,

I'm running Windows XP SP2 with the Windows Firewall turned "on" as default
for all connections.

I use the PC for connecting to various remote networks via VPN. Having
previously been advised (http://tinyurl.com/cej6f) that Firewalling VPN
connections is not recommended, I've turned off Windows Firewall
specifically for these VPN connections in the

My question regards the fact that whenever I connect to a network via VPN,
that Windows Security Centre "warns" me that the connection is not
firewalled. What would be the best practice to stop this behaviour? Turing
off warnings altogether (i.e. "I have a Firewall Solution I'll monitor
myself" tick-box within Security Centre) is not preferred as I would like to
continue being warned if my Firewall has been turned off for LAN or Wi-Fi
connections, but not for VPN connections.

Any advice much appreciated.

Regards,

Richard Tubb.
www.netlinktrading.co.uk
4 answers Last reply
More about firewalls vpns practice advice
  1. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    The link you provided discussed the old XP Firewall ICF which preceded SP2.
    ICF was a very poor firewall implementation and difficult to configure. The
    Windows Firewall introduced in SP2 is a much better product (though I prefer
    better 3rd party firewalls) and it is not necessary nor recommended to
    disable it for your VPN connection.
    --

    "Richard Tubb" <richard@netlinktrading.co.uk> wrote in message
    news:unrayUckFHA.2444@tk2msftngp13.phx.gbl...
    > Hi,
    >
    > I'm running Windows XP SP2 with the Windows Firewall turned "on" as
    > default for all connections.
    >
    > I use the PC for connecting to various remote networks via VPN. Having
    > previously been advised (http://tinyurl.com/cej6f) that Firewalling VPN
    > connections is not recommended, I've turned off Windows Firewall
    > specifically for these VPN connections in the
    >
    > My question regards the fact that whenever I connect to a network via VPN,
    > that Windows Security Centre "warns" me that the connection is not
    > firewalled. What would be the best practice to stop this behaviour? Turing
    > off warnings altogether (i.e. "I have a Firewall Solution I'll monitor
    > myself" tick-box within Security Centre) is not preferred as I would like
    > to continue being warned if my Firewall has been turned off for LAN or
    > Wi-Fi connections, but not for VPN connections.
    >
    > Any advice much appreciated.
    >
    > Regards,
    >
    > Richard Tubb.
    > www.netlinktrading.co.uk
    >
  2. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Hi,

    Thanks for posting!

    Please help me know if you want to make the IT person manage the remote DC
    via Remote Desktop? As Mike said, you may want to enable "Allow logon
    through Terminal Services" to let him logon to the DC.

    Some information for your reference:
    278433 Accessing Terminal Services Using New User Rights Options
    http://support.microsoft.com/?id=278433

    278666 Error Message When You Try to Connect to a Terminal Server Computer
    http://support.microsoft.com/?id=278666

    Hope the information helps. If there is anything that is unclear, please
    feel free to let me know.

    Thanks & Regards,

    Jason Tan

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================

    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.

    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    | Reply-To: "Richard Tubb" <richard@netlinktrading.co.uk>
    | From: "Richard Tubb" <richard@netlinktrading.co.uk>
    | Subject: Firewalls on VPNs - Best Practice Advice
    | Date: Tue, 26 Jul 2005 10:34:17 +0100
    | Lines: 26
    | Organization: Netlink Trading Ltd.
    | X-Priority: 3
    | X-MSMail-Priority: Normal
    | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
    | X-RFC2646: Format=Flowed; Original
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
    | Message-ID: <unrayUckFHA.2444@tk2msftngp13.phx.gbl>
    | Newsgroups: microsoft.public.windowsxp.work_remotely
    | NNTP-Posting-Host: 82-36-82-59.cable.ubr03.harb.blueyonder.co.uk
    82.36.82.59
    | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
    | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.work_remotely:12490
    | X-Tomcat-NG: microsoft.public.windowsxp.work_remotely
    |
    | Hi,
    |
    | I'm running Windows XP SP2 with the Windows Firewall turned "on" as
    default
    | for all connections.
    |
    | I use the PC for connecting to various remote networks via VPN. Having
    | previously been advised (http://tinyurl.com/cej6f) that Firewalling VPN
    | connections is not recommended, I've turned off Windows Firewall
    | specifically for these VPN connections in the
    |
    | My question regards the fact that whenever I connect to a network via
    VPN,
    | that Windows Security Centre "warns" me that the connection is not
    | firewalled. What would be the best practice to stop this behaviour?
    Turing
    | off warnings altogether (i.e. "I have a Firewall Solution I'll monitor
    | myself" tick-box within Security Centre) is not preferred as I would like
    to
    | continue being warned if my Firewall has been turned off for LAN or Wi-Fi
    | connections, but not for VPN connections.
    |
    | Any advice much appreciated.
    |
    | Regards,
    |
    | Richard Tubb.
    | www.netlinktrading.co.uk
    |
    |
    |
  3. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    I am sorry. Please ignore my previous wrong message.


    --------------------
    | Newsgroups: microsoft.public.windowsxp.work_remotely
    | From: v-jasont@online.microsoft.com (Jason Tan (MSFT))
    | Organization: Microsoft
    | Date: Wed, 27 Jul 2005 12:28:05 GMT
    | Subject: RE: Firewalls on VPNs - Best Practice Advice
    | X-Tomcat-NG: microsoft.public.windowsxp.work_remotely
    | MIME-Version: 1.0
    | Content-Type: text/plain
    | Content-Transfer-Encoding: 7bit
    |
    | Hi,
    |
    | Thanks for posting!
    |
    | Please help me know if you want to make the IT person manage the remote
    DC
    | via Remote Desktop? As Mike said, you may want to enable "Allow logon
    | through Terminal Services" to let him logon to the DC.
    |
    | Some information for your reference:
    | 278433 Accessing Terminal Services Using New User Rights Options
    | http://support.microsoft.com/?id=278433
    |
    | 278666 Error Message When You Try to Connect to a Terminal Server Computer
    | http://support.microsoft.com/?id=278666
    |
    | Hope the information helps. If there is anything that is unclear, please
    | feel free to let me know.
    |
    | Thanks & Regards,
    |
    | Jason Tan
    |
    | Microsoft Online Partner Support
    | Get Secure! - www.microsoft.com/security
    |
    | =====================================================
    |
    | When responding to posts, please "Reply to Group" via your newsreader so
    | that others may learn and benefit from your issue.
    |
    | =====================================================
    | This posting is provided "AS IS" with no warranties, and confers no
    rights.
    |
    | --------------------
    | | Reply-To: "Richard Tubb" <richard@netlinktrading.co.uk>
    | | From: "Richard Tubb" <richard@netlinktrading.co.uk>
    | | Subject: Firewalls on VPNs - Best Practice Advice
    | | Date: Tue, 26 Jul 2005 10:34:17 +0100
    | | Lines: 26
    | | Organization: Netlink Trading Ltd.
    | | X-Priority: 3
    | | X-MSMail-Priority: Normal
    | | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
    | | X-RFC2646: Format=Flowed; Original
    | | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
    | | Message-ID: <unrayUckFHA.2444@tk2msftngp13.phx.gbl>
    | | Newsgroups: microsoft.public.windowsxp.work_remotely
    | | NNTP-Posting-Host: 82-36-82-59.cable.ubr03.harb.blueyonder.co.uk
    | 82.36.82.59
    | | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
    | | Xref: TK2MSFTNGXA01.phx.gbl
    microsoft.public.windowsxp.work_remotely:12490
    | | X-Tomcat-NG: microsoft.public.windowsxp.work_remotely
    | |
    | | Hi,
    | |
    | | I'm running Windows XP SP2 with the Windows Firewall turned "on" as
    | default
    | | for all connections.
    | |
    | | I use the PC for connecting to various remote networks via VPN. Having
    | | previously been advised (http://tinyurl.com/cej6f) that Firewalling VPN
    | | connections is not recommended, I've turned off Windows Firewall
    | | specifically for these VPN connections in the
    | |
    | | My question regards the fact that whenever I connect to a network via
    | VPN,
    | | that Windows Security Centre "warns" me that the connection is not
    | | firewalled. What would be the best practice to stop this behaviour?
    | Turing
    | | off warnings altogether (i.e. "I have a Firewall Solution I'll monitor
    | | myself" tick-box within Security Centre) is not preferred as I would
    like
    | to
    | | continue being warned if my Firewall has been turned off for LAN or
    Wi-Fi
    | | connections, but not for VPN connections.
    | |
    | | Any advice much appreciated.
    | |
    | | Regards,
    | |
    | | Richard Tubb.
    | | www.netlinktrading.co.uk
    | |
    | |
    | |
    |
  4. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Hi,

    GTS and co, thanks for all the advice on this subject. I'm now using SP2
    Windows Firewall turned "on" for VPN sessions with the appropriate
    exceptions for File Sharing, etc. as required without any problems.

    Regards,

    Richard Tubb.
    www.netlinktrading.co.uk

    "GTS" <x> wrote in message news:eWN4lUekFHA.3300@TK2MSFTNGP15.phx.gbl...
    > The link you provided discussed the old XP Firewall ICF which preceded
    > SP2. ICF was a very poor firewall implementation and difficult to
    > configure. The Windows Firewall introduced in SP2 is a much better
    > product (though I prefer better 3rd party firewalls) and it is not
    > necessary nor recommended to disable it for your VPN connection.
    > --
    >
    > "Richard Tubb" <richard@netlinktrading.co.uk> wrote in message
    > news:unrayUckFHA.2444@tk2msftngp13.phx.gbl...
    >> Hi,
    >>
    >> I'm running Windows XP SP2 with the Windows Firewall turned "on" as
    >> default for all connections.
    >>
    >> I use the PC for connecting to various remote networks via VPN. Having
    >> previously been advised (http://tinyurl.com/cej6f) that Firewalling VPN
    >> connections is not recommended, I've turned off Windows Firewall
    >> specifically for these VPN connections in the
    >>
    >> My question regards the fact that whenever I connect to a network via
    >> VPN, that Windows Security Centre "warns" me that the connection is not
    >> firewalled. What would be the best practice to stop this behaviour?
    >> Turing off warnings altogether (i.e. "I have a Firewall Solution I'll
    >> monitor myself" tick-box within Security Centre) is not preferred as I
    >> would like to continue being warned if my Firewall has been turned off
    >> for LAN or Wi-Fi connections, but not for VPN connections.
    >>
    >> Any advice much appreciated.
    >>
    >> Regards,
    >>
    >> Richard Tubb.
    >> www.netlinktrading.co.uk
    >>
    >
    >
Ask a new question

Read More

Firewalls vpn Windows XP