two fire walls


I understand that two firewalls running on a system is not a good idea.

Should I just have win XP's firewall running

or Norton's Anti virus 2005 Version Internet worm protection?

Is this Norton 'Internet worm protection' a true fire wall.

I assume I shouldn't have them both running, should I?


Reply to
Loading thread data ...



No. A firewall is the implementation of a concept where you have specified what you want to protect, from what you want to protect it, and by which means you will achieve that.


Reply to
Ansgar -59cobalt- Wiechers

Turn it off. It is just not very good.

Even that is better, though I personally prefered AVAST! before getting my nVidia on-board firewall processor going (works great).

Various ones conflict with various others in various ways. Since they all alter the way your OS works, there are bound to be conflicts. Stick with one for each protective function, and scan with more than one occasionally.

Reply to

Some say yes and some say no. What you will get from what I understand if running two personal FW(s) is a double FW situation which could block traffic that should reach the machine, which is what happened when I had BlackIce running and the XP FW was enabled due to the SP 2 update that turned on the XP FW and I didn't know that had happened.

It's no worst than the rest of them if you have it configure properly.

I think such solutions have to much snake-oil bloat ware in them but if you're happy with it, then use it.

No personal FW solution is a true FW. The personal FW is not a FW solution as it doesn't separate two networks. The network it is protecting from usually the WAN or Internet and the network it's protecting the LAN. The personal FW solution is machine level protection that protects the O/S services and Internet applications running on the machine.

If you want to run two packet filters, then use IPsec that's on that XP O/S to supplement the XP or Norton PFW solution. I use IPsec to supplement BlackIce that's running on the machine and I have no problems in doing so with a machine that has a direct connection to the Internet (no router between modem and the computer).

formatting link
I use the Analogx implementation of the IPsec rules and made my adjustments as to what I wanted to protect.

formatting link
IPsec can stop inbound or outbound traffic by port, protocol, or IP.

Here is where you need to be going to protect the XP O/S to attack if the machine has a direct connection to the Internet.

formatting link
Now if you have a choice, below a NAT router is what you should be using and you can get one that cost as much as Norton that you're paying for and it comes closer to a FW than what Norton or XP's FW does in the protection. You can use IPsec behind it to stop outbound since most can't stop outbound or Norton and I am not talking about the snake-oil worm or Application Control part of Norton but stop outbound by at least port or IP.

formatting link
Duane :)

Reply to
Duane Arnold Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.