Firewall vs Group Policy in SBS 2003

horsefever

I'm new to networking. I'm also working on a server that I did NOT set up. Before anyone asks, yes, I've searched for an answer and haven't found anything. If there is an article that would enlighten me... show me the way. Basically, I am using GPOs to restrict internet access by computer, not user account. Everyone says use Firewall settings to do this. But when I look up the firewall, it is also a GPO, or so it seems to me. Are they the same, just configured differently? I know enough to know that the router itself may have a firewall, but right now I'm just concerned with figuring out the Firewall object listed with the GPOs.
 

seacliff

I would also say to do that on the router firewall. Here is why I would do it that way.

For the GPO to be working, you need all PCs to be connected to that server using the domain. If someone brings in a laptop, or anything of his own, and plugs it in, he will have full access to the internet.

If you do the exact same thing, but on the router, every packet will be checked and canceled if need be, whatever the node is.

In fact, if you use GPOs, you have to apply them to each and every node, whereas using the firewall, you don't have to do anything else, which saves you some time.

GPOs are often used to limit access to users/computers. By using GPOs, you can limit some users/computers, and not others.

I hope I answered what you were asking :)
 

horsefever

So is there a way to tell how many firewalls are currently active? I am pretty sure there is a firewall (though it's not being used) on the wireless router. I would guess there is a firewall that came with the wired router, and then there is the GPO that is named "Firewall" and probably a firewall that came with the Symantec virus protection. But how can I tell which are currently working? I say working, but maybe I mean currently active? Running? Thanks.
 

riser

Generally the "firewall" that routers claim to have is really NAT: changing an IP from private to public / public to private. Some have firewalls, and you would need to go into the router's settings to check.

The GPO is probably pushing settings to the firewall: disabling Windows Firewall, or enabling it. You would need to dig through the GPO to see what it is doing.

The easiest way to figure out what's working is to review each firewall on the GPO and router. You could move the AD computer object out of the OU with the GPO applied to remove those settings (run gpupdate /force).

You're stuck doing the leg work to really understand the infrastructure on this one.
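
An added example, not part of any post in this thread: a batch script for checking, on one domain client, whether Windows Firewall is on and whether a GPO or the local configuration is setting it. It assumes a Windows XP SP2 or Server 2003 SP1 era client, where the `netsh firewall` context is available, and an administrator command prompt.

```batch
@echo off
rem Added example, not from the thread. Run on the client PC, not on the server.

echo === 1. Refresh computer policy so the checks reflect the current OU ===
gpupdate /target:computer /force

echo === 2. Windows Firewall state as the client sees it ===
rem Shows the active profile and whether the firewall is enabled.
netsh firewall show state

echo === 3. Is Group Policy controlling the firewall? ===
rem Firewall settings pushed by a GPO are written under the Policies key.
rem If the value is absent, the setting in effect is the local one.
for %%P in (DomainProfile StandardProfile) do (
    reg query "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\%%P" /v EnableFirewall >nul 2>&1
    if errorlevel 1 (
        echo %%P: no policy value found, local setting applies
    ) else (
        echo %%P: set by Group Policy
        reg query "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\%%P" /v EnableFirewall
    )
)

echo === 4. Which GPOs were applied to this computer ===
rem Lists applied and filtered-out GPOs for the computer scope.
gpresult /scope computer /v
```

This covers only the Windows Firewall on the client; the router and any third-party firewall that came with the antivirus product still have to be checked in their own consoles.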