For those of you that have lots of Windows 7 [8 and Vista], be aware that the native firewall has a great deal of granularity, assuming that you have the ability to exploit that granularity. So yes, it is VERY powerful once you look under the covers to discover a very rich world of options and controls. By default the Windows firewall BLOCKS peer to peer connections that span subnets -- so if you were not aware of that aspect and set up your USG to enable subnet access for some Windows devices -- those devices would not be accessible across subnets regardless of how you may have enabled your USG firewall. The wrong thing to do is to turn the Windows Firewall OFF because the firewall does a great deal MORE to protect you from a ton of stuff. The better way is to learn more about how the firewall works and its interaction with your router's firewall.
Also, the Windows firewall has a Public facing aspect and a Private facing aspect that you MUST become aware of, otherwise you'll get screwed. :)
[att=1]
The subject is in fact not trivial and can be somewhat complex [intimidating] for those that do not want to learn ... the following graphic shows how to ID an incoming connection scope, an example that enables intra-zone communication so that a SPECIFIC workstation is able to access another workstation/server resource sitting in another subnet on the LAN.
[att=2]
NOW why am I posting this? Well, I spent 2.5 hours on the phone with ZyXEL support the other day because I had a specific problem where one workstation would refuse to communicate with another workstation .... and I had forgotten to turn off the Windows Firewall PRIVATE network scope for the purpose of testing, which blocked my access. The very patient ZyXEL support person finally identified that we needed to turn off the PRIVATE side, which he assumed I had in fact done --- talk about feeling stupid. :(
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business
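
The scoped inbound rule described in the post, as an added example that is not part of the original post: it uses `netsh advfirewall` (present on Vista, 7 and 8) from an elevated PowerShell prompt to allow one remote workstation through the Private profile only, instead of switching the profile off. The remote address, the port (TCP 445, file sharing) and the rule name are assumed values for illustration.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Assumed values, constructed for illustration:
$RemoteHost = '192.168.20.15'                 # the one workstation in the other subnet
$Port       = 445                             # SMB file sharing; use the port your service needs
$RuleName   = 'Allow-SMB-from-192.168.20.15'  # no spaces, so no quoting issues with netsh

# 1. Confirm every profile is still ON and see its default inbound policy.
netsh advfirewall show allprofiles state
netsh advfirewall show allprofiles firewallpolicy

# 2. See which profile the active network is using. A rule bound to
#    profile=private has no effect while the network is classified Public.
netsh advfirewall show currentprofile

# 3. Add the rule only if it is not there yet (netsh returns non-zero
#    when no rule matches the name).
netsh advfirewall firewall show rule name=$RuleName | Out-Null
if ($LASTEXITCODE -ne 0) {
    # remoteip limits the scope to the single host; profile keeps the
    # Public side untouched.
    netsh advfirewall firewall add rule name=$RuleName dir=in action=allow `
        protocol=TCP localport=$Port remoteip=$RemoteHost profile=private
}

# 4. Review what was created: Profiles should read Private and RemoteIP
#    should list only the one address.
netsh advfirewall firewall show rule name=$RuleName verbose

# 5. To undo the change after testing:
# netsh advfirewall firewall delete rule name=$RuleName
```

The router's firewall still has to permit the same flow between the two subnets; this rule only covers the Windows side.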