What is the purpose of enabling Windows Server internal firewall for internal AD Domain servers?

EnterpriseArchitect 4,846 Reputation points
2024-05-02T02:33:44.8766667+00:00

People,

I wonder if enabling the internal Windows Server firewall feature is going to be very helpful or not?

Because I must also create the firewall rules to allow RDP on port 3389, ICMP ping, and also WMI for the PowerShell remoting feature on all of my servers internally.

I assume that for every Microsoft server role enabled, like Domain Controllers, ADFS, File Servers, Terminal Servers and SQL Server for example, the Windows Server firewall rules are already updated to allow the required ports and protocols.


Any help and comments would be greatly appreciated.

Tags: Windows Server 2019, Windows Server, Active Directory, Windows Server Security, Windows Server PowerShell

Accepted answer
Vadims Podāns 9,111 Reputation points MVP
2024-05-02T11:05:20.8533333+00:00

Even if you are running an internal network, it is still recommended to keep Windows Firewall always on. You still have to control the traffic between all devices. By keeping the firewall disabled you simply allow uncontrolled traffic flow, unintentionally expose services that should not be exposed, and greatly increase the attack surface. A private network doesn't automatically mean that it is secure. A private network means that it can be controlled by you. And whenever you need to expose a network application/service, you configure exceptions in the firewall.

1 person found this answer helpful.
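The approach in the accepted answer (firewall on everywhere, explicit exceptions for what must be reachable), as an added PowerShell example. This is not code from the question or the answer; it assumes a hypothetical management subnet 10.0.10.0/24 where the jump hosts live and a rule group name "Mgmt Access" of our own. It goes a little beyond the post: it checks the assumption that a role's predefined rules are present and enabled (they only appear once the role is installed), scopes the RDP, ICMP, WinRM and WMI exceptions to the management subnet instead of "Any", and ends with an audit of whatever is still open to any remote address. Note that PowerShell remoting rides on WinRM (TCP 5985/5986); the WMI/DCOM rules are a separate predefined group. Run it elevated on one server to see the effect, then deliver the same settings via Group Policy.

```powershell
# Added example, not the original poster's or the MVP's code.
# Assumptions (hypothetical): management subnet 10.0.10.0/24, rule group "Mgmt Access".
#Requires -RunAsAdministrator
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

$MgmtSubnet = '10.0.10.0/24'   # assumption: only jump hosts / admin workstations live here
$Group      = 'Mgmt Access'    # assumption: our own display group for scoped rules

# 1. Firewall on for every profile, inbound blocked by default, outbound allowed,
#    and dropped packets logged so a missed exception shows up in the log.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow `
    -LogBlocked True -LogMaxSizeKilobytes 16384 `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 2. Check the assumption in the question: predefined rules exist only once the
#    role is installed, and not all of them are enabled. Verify before relying on them.
function Get-RoleRuleState {
    param([string[]]$DisplayGroups)
    foreach ($g in $DisplayGroups) {
        $rules = Get-NetFirewallRule -DisplayGroup $g -ErrorAction SilentlyContinue
        [pscustomobject]@{
            DisplayGroup = $g
            Present      = [bool]$rules
            Enabled      = @($rules | Where-Object Enabled -eq 'True').Count
            Total        = @($rules).Count
        }
    }
}
Get-RoleRuleState -DisplayGroups 'Active Directory Domain Services', 'DNS Service',
    'File and Printer Sharing', 'Remote Desktop', 'Windows Remote Management',
    'Windows Management Instrumentation (WMI)' | Format-Table -AutoSize

# 3. Management exceptions, each scoped to the management subnet rather than Any.
$common = @{ Group = $Group; Direction = 'Inbound'; Action = 'Allow'
             Profile = 'Domain'; RemoteAddress = $MgmtSubnet }
New-NetFirewallRule @common -DisplayName 'Mgmt: RDP TCP'     -Protocol TCP    -LocalPort 3389
New-NetFirewallRule @common -DisplayName 'Mgmt: RDP UDP'     -Protocol UDP    -LocalPort 3389
New-NetFirewallRule @common -DisplayName 'Mgmt: WinRM'       -Protocol TCP    -LocalPort 5985,5986
New-NetFirewallRule @common -DisplayName 'Mgmt: ICMPv4 echo' -Protocol ICMPv4 -IcmpType 8
New-NetFirewallRule @common -DisplayName 'Mgmt: ICMPv6 echo' -Protocol ICMPv6 -IcmpType 128

# WMI uses a dynamic DCOM port range, so reuse the built-in group but pin its scope.
Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -Direction Inbound |
    Set-NetFirewallRule -Enabled True -RemoteAddress $MgmtSubnet

# The predefined Remote Desktop rules admit Any remote address; turn them off so only
# the scoped rules above allow RDP.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 4. Audit: every enabled inbound allow rule open to any remote address is an exposure
#    you have accepted, intentionally or not. Review this list on every server role.
function Get-OpenToAnyInbound {
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        ForEach-Object {
            $rule = $_
            $addr = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
            if ($addr -contains 'Any') {
                $port = $rule | Get-NetFirewallPortFilter
                [pscustomobject]@{
                    Rule      = $rule.DisplayName
                    Group     = $rule.DisplayGroup
                    Protocol  = $port.Protocol
                    LocalPort = ($port.LocalPort -join ',')
                }
            }
        }
}
Get-OpenToAnyInbound | Sort-Object Group, Rule | Format-Table -AutoSize

# 5. Prove the rule works, not just that it exists:
#    from a host inside $MgmtSubnet:  Test-NetConnection -ComputerName <server> -Port 3389
#    from anywhere else it should fail, and the drop is written to pfirewall.log.
```

Scoping every exception to a remote address range is what turns the firewall into a control rather than a list of open ports: a compromised workstation on the user VLAN then cannot reach RDP or WinRM on a domain controller even though the service is listening. Step 2 is worth keeping as a standing check, because a role installed later (or a feature added by an administrator) brings its own predefined rules with it.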
