To clarify, there is a difference between “turning off” the WIN 7 firewall and disabling it. MS never recommends disabling the WIN 7 firewall service since it is needed to support IPSec and VPN transmissions if required.
I don’t believe there is a difference in disabling or switching off, I believe it is either on or off, no in between. I don’t see any disable option when checking the Windows XP or Win7 firewalls (which I have off, using Outpost Firewall) and nothing in the help about disabling it.
In fact if you open the XP or Win7 Firewall there is only “Turn the Windows Firewall on or off”.
This is getting a little off topic…but, if a user has an active third party firewall (OA Free, Private Firewall Free or Outpost Firewall Free) wouldn’t that cover VPN and IPsec pretty well?
Just asking.
The VPN and IPSec are independent of your firewall, I have the XP firewall disabled as I have Outpost Pro and for me the IPSEC service is still started automatically and running, see image.
So this kind of negates what Mayura mentioned in his post above on switching off the XP firewall.
@ DavidR
This may not be related to all the topic above, but still, even if I deactivate Windows Firewall through Security Center, I got Firewall service running and automatic in services.msc. So, should I also stop that service if running a third party firewall?
Generally the third party firewall should take care of whatever needs disabling, with the known exception of the avast! Internet Security firewall as it is compatible.
If you actually read what that service name says “Windows Firewall/Internet Connection Sharing (ICS)” it is also required for Internet Connection Sharing (ICS), so perhaps that is why it is still enabled.
Thank you. That’s what I thought.
You’re welcome.
Note the bold section below. Again, turning off the Win firewall via the Security Center is perfectly fine when using a third party firewall. However, never disable the firewall service if you plan on using IPSec.
[i] Dusty Harper [MSFT]
Microsoft Corporation
If you decide to turn off the Windows Firewall, you need to make sure you disable it in the proper manner, otherwise you will have persistent filters affecting your traffic. In the Windows Firewall control panel (firewall.cpl), make sure you select ‘Turn Windows Firewall on or off’ and select ‘Off (Not Recommended)’. Alternatively you can use netsh.exe and run
‘Netsh.exe AdvFirewall Set CurrentProfile State Off’.
MPSSvc is a required service for IPsec Policy to continue to function. It also just happens to house Windows Firewall functionality as well. If using IPsec, do not turn off this service. Additionally if you do not turn off Windows Firewall, and just stop this service, you will be hit with Windows Firewall’s persistent policy (hence the reason to disable the firewall as stated above).
Note also that there is a period of time when you start your machine and TCPIP.sys is loaded until the BFE service successfully starts. This is known as boottime. This period of time will enforce any boottime filters on the box, but will stop enforcing them when BFE starts successfully.
You can programmatically add filters to Windows Firewall to explicitly allow the traffic you are seeing blocked.
http://msdn.microsoft.com/en-us/library/aa366453.aspx is a good place to start for this.
I hope this helps.
[/i]
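
A read-only check of the distinction the quoted post draws between the firewall's profile state and the MpsSvc/BFE services, as an added example that is not part of the thread or of Microsoft's post. It assumes Windows 7 or later, English `netsh` output and PowerShell 2.0 or later; the function names `Get-ServiceState` and `Get-FirewallProfileState` are made up for this example.

```powershell
# Added example (not from the thread). Read-only; changes nothing.
# Assumptions: Windows 7 or later, English netsh output, PowerShell 2.0+.

function Get-ServiceState([string]$Name) {
    # Win32_Service reports the current state and the configured start mode.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { return $null }
    New-Object PSObject -Property @{
        Name = $Name; State = $svc.State; StartMode = $svc.StartMode
    }
}

function Get-FirewallProfileState {
    # Parse 'netsh advfirewall show allprofiles state' into profile -> ON/OFF.
    $result = @{}
    $current = $null
    foreach ($line in (& netsh.exe advfirewall show allprofiles state)) {
        if ($line -match '^(\w+) Profile Settings') {
            $current = $Matches[1]
        } elseif ($current -and $line -match '^State\s+(ON|OFF)\s*$') {
            $result[$current] = $Matches[1]
        }
    }
    $result   # stays empty if netsh printed no profile state lines
}

$mps = Get-ServiceState 'MpsSvc'
$bfe = Get-ServiceState 'BFE'
foreach ($s in @($mps, $bfe)) {
    if ($s) { "{0}: {1} (start mode {2})" -f $s.Name, $s.State, $s.StartMode }
}

if (-not $mps -or $mps.State -ne 'Running') {
    # The case the post warns about: IPsec policy depends on MpsSvc, and a
    # firewall that was not turned off first leaves persistent policy behind.
    "WARNING: MpsSvc is not running; profile state below may be unavailable."
}

$profiles = Get-FirewallProfileState
if ($profiles.Count -eq 0) {
    "Could not read firewall profile state from netsh."
} else {
    foreach ($name in $profiles.Keys) { "{0} profile: {1}" -f $name, $profiles[$name] }
    $on = @($profiles.Keys | Where-Object { $profiles[$_] -eq 'ON' })
    if ($on.Count -eq 0 -and $mps -and $mps.State -eq 'Running') {
        "Firewall turned off in every profile, MpsSvc still running (the setup the post describes)."
    }
}
```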