This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Question about Sophos Endpoint Firewall & Windows 10 native Firewall

Hi there,

I'm wondering if anyone could clarify the proper configuration when using Windows 10 (enterprise) with the Sophos Endpoint & Control Firewall (Enterprise Console Managed)

If I wanted to enforce the use of the Sophos Firewall, how should the Windows firewall be configured from a group policy perspective - so that one firewall is not clashing/negating the rules of the other.
Assume that I wanted my firewall rules managed at the one point via the SEC, but do I set with windows firewall to be on and states set to unconfigured, or do I set the firewall rules to allow all traffic for 'domain, private and public' profiles.

What I don't want to end up with, is a scenario where, say, windows firewall is set to allow all traffic and Sophos Firewall is being bypass because of the 'allow all rule'

Any guidance you can provide would be appreciated.

PD



This thread was automatically locked due to age.
Parents
  • Hello PD,

    generally I'd not use them together.
    SCF (with version 3.x) has lost some functionality since Windows 8 due to architectural changes in Windows. AFAIK it also lost the dual location capability in Windows 10. Still it has some advantages, but mainly management and checksums they require strict change management though and clash with automatic application updates). Please see also the Best Practice article for features no longer available.

    I have no experience with Windows 10 + SCF but if I'd want to use SCF I'd turn the Windows Firewall off - especially when GPOs and defaults (not configured) are involved. What would the use or benefit of On+Allow all be?

    Just my two cents though
    Christian

Reply
  • Hello PD,

    generally I'd not use them together.
    SCF (with version 3.x) has lost some functionality since Windows 8 due to architectural changes in Windows. AFAIK it also lost the dual location capability in Windows 10. Still it has some advantages, but mainly management and checksums they require strict change management though and clash with automatic application updates). Please see also the Best Practice article for features no longer available.

    I have no experience with Windows 10 + SCF but if I'd want to use SCF I'd turn the Windows Firewall off - especially when GPOs and defaults (not configured) are involved. What would the use or benefit of On+Allow all be?

    Just my two cents though
    Christian

Children
  • Thanks for the update Christian, 

    I've seen issues in the past with having the Windows Firewall configured to disabled, but I think that may have been due to cases where the service is stopped - as that appeared to affect the networking components of the OS. 

    As for the comment about W/F configured on+allow, it was really just a train of thought as it wasn't clear how the OS controlled the operation of two firewalls on the one device - but I guess it needs more investigation to determine if deploying SCF is the right course of action - the dual location was a big feature for me, if this is lost with W10, then maybe SCF isn't the right path to take.

     

    Thanks for the feedback