Endpoint Protection Small Business Edition

  • 1.  Windows Firewall vs SEP Firewall??

    Posted Mar 07, 2014 02:59 PM

    I'm evaluating SEP 12.1 for Windows Server 2011 Essentials (basically Server 2008R2) and I'd like feedback on how SEP's firewall compares to Windows firewall. I've read a few other posts on this topic but a lot of the posts seem to reference the XP firewall and confuse SPI with IDP. From what I understand, Windows Firewall is just as good as the Symantec Firewall for the following reasons.

    CLARIFICATION

    I am only comparing the SPI Firewall aspect of SEP. I realize that Windows does not perform deep packet inspection. (Correct me if I'm wrong) Symantec Firewall is separate from NTP (Intrusion Detection/Deep Packet Inspection). I'd like to use the Windows firewall and the Symantec NTP.

    Here's my comparison between Windows and SEP (please add your thoughts and correct any of my misconceptions)

    • Both Windows and SEP are stateful
    • Both provide inbound and outbound rules
    • Both are centrally managed (Windows through Group Policy/Symantec through SEP Manager)
    • Both allow logging (SEP reporting [again for SPI not NTP/IDP] is probably a little more user friendly)
    • Windows firewall is better integrated with Windows (obviously)

    The only advantage I can find for SEP is its better reporting. As far as protection goes, both seem to be equal (SPI firewalls are pretty basic now). What's the advantage of SEP's SPI firewall over Windows'?

    Thanks for the feedback



  • 2.  RE: Windows Firewall vs SEP Firewall??

    Posted Mar 07, 2014 03:05 PM

    SEP fw has much better reporting and centralized manageability. Windows fw is controlled via GPO and AFAIK it's set it and forget it, with little visibility into getting logs/reports back.

    Yes, in 12.1 the fw component is separated from the IPS component.

    You can use Windows fw and only the SEP IPS if you wish.

    Here is a document that may help:

    Best Practices for using Windows Firewall with Symantec Endpoint Protection 12.1



  • 3.  RE: Windows Firewall vs SEP Firewall??

    Posted May 12, 2014 03:41 PM

    Need any more assistance with this?



  • 4.  RE: Windows Firewall vs SEP Firewall??

    Trusted Advisor
    Posted May 12, 2014 09:50 PM

    Hello,

    The things you have mentioned are correct and valid points; however, have a look at these links as well.

    It is best practice that only one software firewall should be run on a computer. Two firewalls that run on one computer at the same time can drain resources, and the firewalls might have rules that conflict with each other. Enabling more than one firewall program is likely to result in conflicts and poor performance. 

    To prevent this situation, SEP's installer automatically detects and disables Windows firewalls that are enabled. (The exception is, of course, if a custom install package is created which does not include NTP. If this Symantec firewall is not included in the install, an active Windows Firewall will not be disabled during install.)

    Check these Articles:

    'About Windows Firewall and Symantec Endpoint Protection's NTP'

    http://www.symantec.com/docs/TECH97986

    SEP firewall Whitepaper

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121714495348

    Check these discussions

    https://www-secure.symantec.com/connect/forums/windows-firewall-vs-symantec-endpoint-network-threat-protection-firewall

    https://www-secure.symantec.com/connect/forums/sep-friewall-vs-windows-firewall