Two software firewalls slow download speed to a halt (sygate, zone alarm)

[Susan]

This is just a warning that running one or two firewalls definately kills
performance!

I called my ISP support complaining (erroneously it turns out) that they
have slowed down tremendously - so bad that graphic intensive web pages
often timed out.

While debugging, they asked me to turn off my two favorite freeware
firewalls which were Zone Alarm and Sygate Personal Firewall.

Voila!

My download speed improved tremendously (I don't know how to check the
value of the download speed but the difference was immensely noticeable).

My ISP support said I didn't need any firewall since I was using what they
called the NAT (the wireless tranmitter) so I turned both off and now I
don't have dueling firewalls anymore (that's their term for it).

Anyway, I just figured I'd let others know because this isn't obvious data.

Susan

 

[Guest]

Probably not obvious to newer computer users but you are right Susan, you
need only one firewall on your system, if you have a NAT firewall built into
your router or modem then you do not need a software firewall, especially not
two.

If you had XP SP2 you would also have the windows firewall as well, so you
probably had four firewalls running Susan.

A valuable bit of information that I'm sure will help out other newbie PC
users.

I personally have a hardware NAT firewall built into my router and I leave
the Windows firewall turned on, i don't actually notice any slowdown with
that combination.

Andy W

 

[Malke]

Probably not obvious to newer computer users but you are right Susan,
you need only one firewall on your system, if you have a NAT firewall
built into your router or modem then you do not need a software
firewall, especially not two.

If you had XP SP2 you would also have the windows firewall as well, so
you probably had four firewalls running Susan.

A valuable bit of information that I'm sure will help out other newbie
PC users.

I personally have a hardware NAT firewall built into my router and I
leave the Windows firewall turned on, i don't actually notice any
slowdown with that combination.

Andy W

(snip)

The only thing I'd disagree with in your post is that even with a
router, I'd run a software firewall on all Windows machines that
connect to the Internet. Just one, of course.

Malke

 

[Guest]

You disagree, read the end of my last post Malke, I qoute myself :

Begin Quote :

I personally have a hardware NAT firewall built into my router and I leave
the Windows firewall turned on, i don't actually notice any slowdown with
that combination.

End quote :

I do have a software firewall as well, the SP2 windows firewall and my
hardware router NAT firewall.

Andy W

 

[Malke]

You disagree, read the end of my last post Malke, I qoute myself :

Begin Quote :

I personally have a hardware NAT firewall built into my router and I
leave the Windows firewall turned on, i don't actually notice any
slowdown with that combination.

End quote :

I do have a software firewall as well, the SP2 windows firewall and my
hardware router NAT firewall.

Ah yes, then I misread the first part of your post as saying you didn't
think a software firewall was necessary if you were behind a router.
Forgive the misunderstanding.

Malke

 

[Guest]

No problems Malke, it seems we are both on the same wavelength now.

Andy W

 

[Guest]

But I would disagree with something more like this one:

Both Zone Alarm and Sygate turn off Windows Firewall while installing so the
user has had 3 firewalls ,not 4.



Panda_man

 

[Guest]

Those programs should give you the option to turn off the Windows Firewall
during installation.

I think just because Malke read my reply wrong and now we have sorted the
mistake you are just trying to find a fault in my reply.

It is possible to have those products and the Windows Firewall on at the
same time.

Andy W

 

[Ken Blake, MVP]

This is just a warning that running one or two firewalls definately
kills performance!

I use only one firewall on all my computers here, and I have not seen *any*
perceptible degradation in performance.

I called my ISP support complaining (erroneously it turns out) that
they have slowed down tremendously - so bad that graphic intensive
web pages often timed out.

While debugging, they asked me to turn off my two favorite freeware
firewalls which were Zone Alarm and Sygate Personal Firewall.

Running with two software firewalls is *not* a good idea. You achieve no
extra protection, you incur the extra overhead of running two firewalls, and
you run the risk (probably small, but not zero) of conflicts between them.

See http://www.microsoft.com/athome/security/protect/firewall.mspx which
includes the following:

"Q. Should I use both the built-in firewall and a software firewall from a
different company on my Windows XP computer?

"A. No. Running multiple software firewalls is unnecessary for typical home
computers, home networking, and small-business networking scenarios. Using
two firewalls on the same connection could cause issues with connectivity to
the Internet or other unexpected behavior. One firewall, whether it is the
Windows XP Internet Connection Firewall or a different software firewall,
can provide substantial protection for your computer."

Voila!

My download speed improved tremendously (I don't know how to check the
value of the download speed but the difference was immensely
noticeable).

If that was your experience I can't argue with it, but, as I said, it
hasn't been mine with a single firewall. Did you compare running with two
firewalls against running with only one? If you want to pursue this further
and get actual numbers you can compare directly, got to
http://www.dslreports.com/speedtest and run tests there. I would suggest
trying it a few times, and not relying on a single test.

My ISP support said I didn't need any firewall since I was using what
they called the NAT (the wireless tranmitter) so I turned both off
and now I don't have dueling firewalls anymore (that's their term for
it).

Dueling firewalls is not good. As I said, don't run two software firewalls.
But if I were you, I'd put back one of them. Having NAT is good, and it
provides significant protection, however it monitors incoming traffic only.
Also using almost any third-party firewall will also monitor outbound
traffic, stopping rogue programs trying to call home.

I personally use a combination of NAT on my router and the free version of
Zone Alarm.

 

[Guest]

Sorry to go off topic, Quick question for Ken, is it true that the Firewall
coming with Windows Vista will scan incoming and outgoing packets ?

Andy W

 

[Ken Blake, MVP]

Sorry to go off topic, Quick question for Ken, is it true that the
Firewall coming with Windows Vista will scan incoming and outgoing
packets ?

Sorry, I don't know.

 

[Guest]

I found out and yes it does, look at page 2 at the bottom of this
techrepublic article.

Link : http://techrepublic.com.com/5100-10877-6035954-2.html

Andy W

 

[Guest]

Sorry, I don't know.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup





i read even if a firewall is turned off it's running.i had 2 firewalls on windows me. 1 running 1 turned off. i went to use credit card and both firewalls got tangeled in ssl

a great treat to credit card.now i have an external hdd with 8 firewalls
(hey i'm a pack rat ) lol BUT ONLY 1 firewall on c drive !!! (runing)

 

[Guest]

8 Firewalls, Just one question.

WHY ?

Andy W

a great treat to credit card.now i have an external hdd with 8 firewalls
(hey i'm a pack rat ) lol BUT ONLY 1 firewall on c drive !!! (runing)

 

[Ken Blake, MVP]

I found out and yes it does, look at page 2 at the bottom of this
techrepublic article.

Link : http://techrepublic.com.com/5100-10877-6035954-2.html

Thanks. Let me point out, though, that this is talking about the current
beta release. Although if this feature is in the current beta it's very
likely that it will be in the released product, there's never a guarantee of
that. If a feature causes problems in the beta, it's always possible for
Microsoft to decide to eliminate it rather than hold up release by taking
the time to fix it.

I'm not suggesting that eliminating the feature is likely, only that it's
possible, and no one should ever rely with certainly on a beta accurately
representing the finished product.