Re: Enable firewall on ISPs VPN?

From: Stephen Poley (sbpoley_at_xs4all.nl)
Date: 09/06/03


Date: Sat, 06 Sep 2003 16:48:23 +0200

On Fri, 05 Sep 2003 14:35:12 GMT, Frank Slootweg
<this@ddress.is.invalid> wrote:

> I have a cable connection to my ISP (Casema/Wanadoo in The
>Netherlands).
>
> The connection to my ISP uses a (L2TP, Level 2 Tunnel Protocol) VPN,
>so when I am connected, I have two IP addresses/'adapters', the normal
>LAN card and the VPN.
>
> Windows XP's Help facility says not to enable the firewall (XP's
>Internet Connection Firewall) on the VPN: "You should not enable ICF on
>VPN connections because it will interfere with the operation of file
>sharing and other VPN functions."
>
> However if I only enable the firewall on the real LAN card, I see
>hardly anything in the logs (mainly the UDP connection from my system to
>the VPN server), but when I also enable the firewall on the VPN, I see
>'everything', i.e. both good activity like (outbound) mail/News/web
>server connections and 'bad' activity like inbound ping/ICMP requests.
>
> So should I enable the firewall on the VPN or not?

VPNs are normally between mutually trusted machines which are together
behind one or more firewalls. That doesn't seem to be the case here, and
you almost certainly need a firewall. If the XP ICF gives problems (and
perhaps even if it doesn't - I don't think I'd trust a Microsoft
security product very far) try another firewall such as Kerio or Sygate.
 

-- 
Stephen Poley
Barendrecht, Holland

