locked
Server 2012 firewall to block all incoming traffic based on available computing resources RRS feed

  • Question

  • I am setting up a network commander, which main role is to run heavy calculation tasks, with windows server 2012 R2 firewall turned on. There is no other computer on the network. The computer is only set up as a network commander to use windows HPC job batch manager (requirement).
    This computer only needs to communicate with the rest of the world when it has finished its heavy calculation tasks.
    I'd like to set up my server 2012 firewall to block all traffic when the computer is running heavy calculation.

    Scenario 1-I use Windows System Resource Manager to give priority to the computing tasks
    During a calculation task, what will happen when the firewall doesn't have sufficient computing resources allocated to it:
    -Does it simply block all traffic until compute resources are available again?
    -Does this lack of resources create a security risk? or is security actually enhanced?

    scenario 2-I automaticaly STOP the windows firewall service  when using the computer for heavy calculation task. I understand this is an unsupported state.
    http://www.dell.com/support/article/au/en/aubsd1/SLN156677 says that the computer "will appear to other machines as though the server has been disconnected from the network", which is exactly the behavior I am seeking. I understand it doesn't get safer than this.
    but https://technet.microsoft.com/en-us/library/cc766337(v=ws.10).aspx in CAUTION at the bottom of the page says that TURNING OFF the firewall service exposes my network to  "attacks that employ network fingerprinting". Is this also the case if I STOP the service?

    Should I just try the above scenarios and run intrusion testing for both scenarios and see what happens?


    Tuesday, May 17, 2016 8:52 PM

Answers

  • Hi  Francois,

    Typically,the firewall will block all incoming traffic with your configuration when it work properly.Unless the firewall has been stopped or no  responding.Of course it will create a security risk.

    In your case,we suggest that upgrade hardware to provide both of security and high-performance.If you couldn't do that and want to use this computer anyway.We prefer you to try scenario 1 first.


    ________________________________________
    Best Regards,
    Cartman
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, May 18, 2016 5:46 AM

All replies

  • Hi  Francois,

    Typically,the firewall will block all incoming traffic with your configuration when it work properly.Unless the firewall has been stopped or no  responding.Of course it will create a security risk.

    In your case,we suggest that upgrade hardware to provide both of security and high-performance.If you couldn't do that and want to use this computer anyway.We prefer you to try scenario 1 first.


    ________________________________________
    Best Regards,
    Cartman
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, May 18, 2016 5:46 AM
  • Hi cartman, Ok thanks for your answer.
    Wednesday, June 8, 2016 6:50 AM