Use Kerio wih XP Firewall?

[Jackeline D]

I installed Kerio on my XP Pro system and later noticed that I had
not turned off XP's own internal Internet Connection Firewall.

I haven't noticed any adverse effect so I guess that I could I keep
them both.

Is there any disadvantage to this setup?
Is there any advantage?

 

[Daniel Roth]

Generally, you don't want to use double firewalls on the same machine.
I can't see any advantage, just disadvantages.

IE if you want to open up a port to allow incoming connections.. You'll have
to change in two locations then..

/Daniel Roth

 

[Michael Solomon \(MS-MVP Windows Shell/User\)]

It isn't necessary and it doesn't give you any added protection and having
two firewalls active might slowdown your access to websites.

 

[Ken Blake, MVP]

In

I installed Kerio on my XP Pro system and later noticed that I had
not turned off XP's own internal Internet Connection Firewall.

I haven't noticed any adverse effect so I guess that I could I keep
them both.

Is there any disadvantage to this setup?

Yes.

1. You are running two programs instead of one, and therefore
using more CPU cycles than necessary.

2. Since the two are essentially doing the same thing at the same
time, you run the risk of their interfering with each other. That
risk is probably slight, since I've heard of several people who
have gotten away with doing it, but I wouldn't assume that the
risk is therefore zero.

Is there any advantage?

No. It's like arriving in a foreign country by airplane. If you
go through immigration where a clerk inspects your passport,
there's no increased security if a few yards further, you go
through another station where a second guard inspects your
passport. It's just a duplication, and therefore a waste, of
effort.

I would turn off ICF.

 

[Duane Arnold]

I installed Kerio on my XP Pro system and later noticed that I had
not turned off XP's own internal Internet Connection Firewall.

I haven't noticed any adverse effect so I guess that I could I keep
them both.

Is there any disadvantage to this setup?
Is there any advantage?

If you're going to run with two, then run with one that is not a FW but
provides equal protection, like a FW. IPsec is integrated into the XP O/S
and provides better protection than running two host based FW(s). IPsec
doesn't interfere or conflict with anything and can block inbound or
outbound traffic, by IP, port, protocol or DNS.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm

AnalogX has a zip file with a SecPol file that can be implemented and
activated that will give the basic protection. You can use the rules
created by AnalogX as examples to create your own rules. It's not hard to
create a rule. You can use IPsec to supplement a host based FW or router.

Duane

 

[Plato]

I installed Kerio on my XP Pro system and later noticed that I had
not turned off XP's own internal Internet Connection Firewall.

I haven't noticed any adverse effect so I guess that I could I keep
them both.

You could I guess, but its not at all necessary and could cause a niggle
down the line.

 

[Baby]

I installed Kerio on my XP Pro system and later noticed that I had
not turned off XP's own internal Internet Connection Firewall.

I haven't noticed any adverse effect so I guess that I could I keep
them both.

Is there any disadvantage to this setup?
Is there any advantage?

I don't think the XP firewall adds much value because it doesn't block
outgoing connections, which is the strong point for using a software
firewall in the first place.

But as for running two firewalls at the same time, I see a lot of
value in that. I have run two software firewalls simultaneously for
years (various programs including the defunct Atguard and Signal9,
ZoneAlarm, Tiny), and have never had a problem or conflict. You just
need to test them together to know for sure.

The advantage of using two is that one firewall watches the other. I
have used ZoneAlarm for a while, and, although I like it, my other
firewall has caught it trying to connect out on several occassions.
That, plus the scary information that I have seen regarding ZoneAlarm
and TrueVector have caused me to uninstall ZoneAlarm.

If you are curious about the "scary information" I allude to, do a
Google Groups search for:

"Zone Alarm: TROJAN disguised as FIREWALL?"

baby

 

[t.cruise]

If your Zone Alarm is trying to connect, it's probably automatically
checking for updates. If you don't want it to, then change the search for
updates option to MANUALLY.