Re: Firewall question.

From: Duane Arnold (
Date: 05/02/04

Date: Sun, 02 May 2004 08:47:47 GMT

"Bob" <> wrote in news:CA%kc.1527$a47.1023

> Hello,
> I have a question for you all please.
> I have been running the XP firewall, but now have a firewall made by
> Sygate. Do I need to turn off the one in XP, or is it OK to run them
> for the added protection?
> I have heard both, but I thought that a few of you guy who seem to
> know your stuff in here might be able to give me the correct answer.
> Thanks,
> Bob

If you want to run two, then run one that has many of the FW like
features and does more than the XP ICF that's on the O/S. Malware can
take down any third party host based FW easily, but it's hard to take
down IPsec, since it's integrated with the O/S.

In addition to this, XP's FW upon the release of SP 2 will have
application control that will bring XP's FW on par with third party host
based FW(s).

Currently, IPsec will get to the TCP/IP connection first at boot and XP's
SP 2 FW will also get to the TCP/IP connection at boot.

At boot is a vulnerable situation for a machine with a third party FW
solution installed, since malware will beat any of them to the TCP/IP
connection and be done by the time any of them can get there and stop it.

All you have to do is implement the AnalogX Secpol file and you're
covered. The POP3, HTTP etc, etc for the *client* are already configured.

You may want to look at *Protecting against Denial of Service Attacks*
being discussed in the link.

On the other hand, you may want to get a cheap NAT router and use Sygate
and IPsec behind it to supplement, like I do with the NAT router BlackIce
and IPsec on all machines.

A cheap NAT router cost as much as you have paid for Sygate, if not the
free one, because a NAT router stops everything in front of the machine
and the O/S and the FW will not react -- the true *stealth* part in a *I
am stealth* statement. :)

Duane :)


Relevant Pages

  • Re: Firewall- is it creating problems
    ... I have used Sygate before on a couple of computers without any problems. ... are using a NAT router you could disable it. ... I also recently installed Sygate free firewall. ... connectionevery 20-30 minutes, requiring a reboot. ...
  • Re: Hardware, software or both?
    ... > checking the Sygate Personal firewall and like it a lot. ... You can get a cheap NAT router that will catch most attacks before it ... Think layered protection and not depend on one single element is going to ...
  • Re: AdAware, SpyBot S &D, etc. + leave PC connected to Internet
    ... Or go to IPsec that's on the ... > XP O/S to stop inbound and outbound connections by port, protocol, IP ... > etc. etc to supplemnt Sygate or a NAT router in that area. ...
  • Re: firewalls
    ... but a cheap NAT router will do every ... thing that you need if your are using Sygate. ... Some NAT devices allow you to block ... If you want a real firewall, not just a NAT router, they start around ...
  • Re: Starting firewall-service before net-service
    ... My Pc get viruses in that short time. ... how do i start the firewall before my pc goes into the ... You can use Sygate behind the NAT router if you like. ...