31 Mei 2012 13:29
I have a problem with one of my servers.
We have disabled the Windows Firewall because we have other security solutions. By cons, it was a reboot earlier this week, to maintain the server and the firewall is activated alone. This caused problems with our network. So we turned off the firewall and everything returned to normal.
I want to know why the firewall would be activated automatically, there is no group policy for the server.
31 Mei 2012 19:50
1) By disabling the firewall, perhaps the service was stopped and not set to disabled. Thus allowing it to start when a reboot occurred.
2) If this is WS2008+, Check "Action Center" in the Control Panel. Some of those settings allow for automatic remediation.
3) There are a number of other products out there (SCCM, Tripwire) that will automatically change/revert settings. Verify that this particular incident wasn't caused by one of your other products.
31 Mei 2012 20:12The only thing that is installed on the server is vCenter and vSphere Client
01 Juni 2012 8:10
a) do NOT disable the Windows Firewall service. It is an essential service for the advanced filtering platform and MUST remain running. If you stop or disable the service, there is still a firewall driver inside kernel which switches into some "lockdown mode" and blocks incoming traffic to prevent attacks which kill the windows firewall service process.
b) go into the properties of the firewall instead and disable the firewall functionality by using the GUI for all three profiles
c) you can also consider the Allow/Allow setting instead - if you leave firewall enabled, but configure it so that it allows all the traffic, it is still operating, can use IPSec and also inspects "packet quality". So this is a better solution than completelly disabling firewall
d) there may be some applications generally, that enable firewall (or NAP for instance). If you want to configure firewall forcibly, use either local GPO or a domain based GPO instead.