Firewalls on VPNs - Best Practice Advice

Richard Tubb

Hi,

I'm running Windows XP SP2 with the Windows Firewall turned "on" as default
for all connections.

I use the PC for connecting to various remote networks via VPN. Having
previously been advised (http://tinyurl.com/cej6f) that Firewalling VPN
connections is not recommended, I've turned off Windows Firewall
specifically for these VPN connections in the

My question regards the fact that whenever I connect to a network via VPN,
that Windows Security Centre "warns" me that the connection is not
firewalled. What would be the best practice to stop this behaviour? Turning
off warnings altogether (i.e. "I have a Firewall Solution I'll monitor
myself" tick-box within Security Centre) is not preferred as I would like to
continue being warned if my Firewall has been turned off for LAN or Wi-Fi
connections, but not for VPN connections.

Any advice much appreciated.

Regards,

Richard Tubb.
www.netlinktrading.co.uk
 
GTS

The link you provided discussed the old XP Firewall ICF which preceded SP2.
ICF was a very poor firewall implementation and difficult to configure. The
Windows Firewall introduced in SP2 is a much better product (though I prefer
better 3rd party firewalls) and it is not necessary nor recommended to
disable it for your VPN connection.
 
Jason Tan

Hi,

Thanks for posting!

Please help me know if you want to make the IT person manage the remote DC
via Remote Desktop? As Mike said, you may want to enable "Allow logon
through Terminal Services" to let him logon to the DC.

Some information for your reference:
278433 Accessing Terminal Services Using New User Rights Options
http://support.microsoft.com/?id=278433

278666 Error Message When You Try to Connect to a Terminal Server Computer
http://support.microsoft.com/?id=278666

Hope the information helps. If there is anything that is unclear, please
feel free to let me know.

Thanks & Regards,

Jason Tan

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Reply-To: "Richard Tubb" <[email protected]>
| From: "Richard Tubb" <[email protected]>
| Subject: Firewalls on VPNs - Best Practice Advice
| Date: Tue, 26 Jul 2005 10:34:17 +0100
| Lines: 26
| Organization: Netlink Trading Ltd.
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.windowsxp.work_remotely
| NNTP-Posting-Host: 82-36-82-59.cable.ubr03.harb.blueyonder.co.uk 82.36.82.59
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.work_remotely:12490
| X-Tomcat-NG: microsoft.public.windowsxp.work_remotely
 
Jason Tan

I am sorry. Please ignore my previous wrong message.




--------------------
| Newsgroups: microsoft.public.windowsxp.work_remotely
| From: (e-mail address removed) (Jason Tan (MSFT))
| Organization: Microsoft
| Date: Wed, 27 Jul 2005 12:28:05 GMT
| Subject: RE: Firewalls on VPNs - Best Practice Advice
| X-Tomcat-NG: microsoft.public.windowsxp.work_remotely
| MIME-Version: 1.0
| Content-Type: text/plain
| Content-Transfer-Encoding: 7bit
 
Richard Tubb

Hi,

GTS and co, thanks for all the advice on this subject. I'm now using SP2
Windows Firewall turned "on" for VPN sessions with the appropriate
exceptions for File Sharing, etc. as required without any problems.

Regards,

Richard Tubb.
www.netlinktrading.co.uk
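
Added example, not part of the original thread: one way to set up the configuration the thread settles on (SP2 Windows Firewall left on for the VPN connection, with a File Sharing exception) using the `netsh firewall` context from an XP SP2 command prompt. The connection name "Office VPN" and the subnet 192.168.10.0/255.255.255.0 are constructed placeholders; substitute the name shown in Network Connections and the remote network's real address range.

```bat
rem Added example. "Office VPN" and 192.168.10.0/255.255.255.0 are placeholders.

rem 1. Turn the firewall back on for the VPN connection only.
netsh firewall set opmode mode=ENABLE interface="Office VPN"

rem 2. Allow File and Printer Sharing, but only from the remote office subnet
rem    rather than from any address (scope=ALL).
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=192.168.10.0/255.255.255.0

rem 3. Log dropped packets so anything else the VPN needs shows up in
rem    %windir%\pfirewall.log instead of failing silently.
netsh firewall set logging droppedpackets=ENABLE

rem 4. Verify: operational mode per profile and interface, then the
rem    service exceptions and their scope.
netsh firewall show state
netsh firewall show service
```

With the firewall enabled on every connection, Security Center no longer raises the "not firewalled" warning for the VPN, so its alerts can stay on for LAN and Wi-Fi.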
 
