Windows Firewall behind a network domain

80 pts.
End user security
Microsoft Windows XP
Is there ever a time when Windows XP Firewall be turned off? e.g should it be when the PC/notebook resides within a company domain? Or is it the case that it simply doesn't matter?

Answer Wiki

Thanks. We'll let you know when a new response is added.

The purpose of a firewall is to filter, check and control the inward and outward access to an organization’s network, especially the access trials from outside to inside. There is no point in turning it off ever as its whole purpose will get defeated. Even when the PC/notebook resides within a company domain, there are innumerous chances of attacking the domain by outsiders/hackers via different ports accessible.
Think of a medieval castle and all of the defensive/protective boundaries it had to protect the inhabitants. The current information security terminology is layered security or defense in depth. The firewall on a laptop is another protective layer in the defensive strategy of an individual or organization to protect the confidentiality, integrity & availability of the device, information on the device and services it provides. You and your organization have to determine the value of the protective layers and decide what works best in your situation.


For increased firewall performance, I would suggest buying a commercial firewall. It’s hardware and software, single purpose, for filtering what goes in and out.

Even with that protection, I would NOT turn of Windows Firewall. The more security, the safer you are. Two defenses are better than one.

Discuss This Question: 3  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Jam
    Thanks for the swift responce. As our company regularly rolls out patches, updates,etc it seems the windows firewall has the effect of blocking the patch from uploading. The only way around this is to turn the firewall off and as updates are rolled out as and when the consensus was to leave the firewall turned off. Would this be considered as bad practice?
    80 pointsBadges:
  • Labnuke99
    Sounds like patch distribution is not working well if the firewall has to be disabled for updates. I would suggest that the IT security group needs to rethink their distribution method and find a more effective way of handing out updates. Microsoft's WSUS or Systems Center Configuration Manager should not require the firewall to be disabled. The firewall should be configured with the appropriate rules to permit updates from authorized sources.
    32,960 pointsBadges:
  • Jaideep Khanduja
    Are you using a 3rd party security solution along with the windows firewall enabled on the system, if that is the case, the two firewalls are conflicting and hence this issue. Since the function of firewall is well being done by the 3rd party firewall, disabling windows firewall will not hurt any PCs sentiments but enhance the performance and user will not have to encounter abrupt ‘failure of patch update’ messages.
    19,575 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: