In the last couple of weeks some of our customers repeatedly had strange problems with a disabled firewall service.
Do not disable the Windows Firewall service. Instead, switch the “Firewall state” to “Off”.
Deactivated Windows Firewall service
I had to realize that it is better not to deactivate the service on Windows Server 2008 R2, because it causes problems with applications and features.
And these do not necessarily show up immediately.
Some applications that may cause trouble:
- Failover Clustering
- Advanced Group Policy Management
Completely disable firewall – not only the service
If you want to deactivate the internal ‘Windows Firewall’, do not simply “deactivate” the service.
Instead, switch the ‘Firewall state’ to ‘Off’ for the respective firewall profiles (see screenshot).
Microsoft explains the issues in the guide “Step-by-Step Guide: Deploying Windows Firewall and IPSec Policies” as follows:
Caution: Do not disable the firewall by stopping the Windows Firewall (MpsSvc) service. Because the Windows Firewall service also implements Windows Service Hardening, which provides additional protections for other Windows services, Microsoft does not support disabling the Windows Firewall service. Instead, use the interface shown here in the Windows Firewall with Advanced Security MMC snap-in.
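The same change can be made from the command line. The following PowerShell is an added example, not part of the original post or of Microsoft's guide: it checks whether MpsSvc was disabled or stopped, restores the service, and then turns the firewall off per profile with netsh advfirewall. It assumes an elevated session on the server and that the profiles are meant to stay off, as described above.

```powershell
# Added example (not from the original post). Run elevated on the server.
# Assumption: the firewall profiles should end up Off, as the post describes.
# Note: once MpsSvc starts, filtering follows the stored profile settings until
# step 3 runs, so run this from a console session rather than over the network.

$svc = Get-WmiObject -Class Win32_Service -Filter "Name='MpsSvc'"
if (-not $svc) { throw "Windows Firewall service (MpsSvc) not found." }

# Win32_Service reports StartMode as Auto, Manual or Disabled.
"MpsSvc before: StartMode={0}, State={1}" -f $svc.StartMode, $svc.State

# 1. A disabled service is the unsupported configuration; restore automatic start.
if ($svc.StartMode -ne 'Auto') {
    Set-Service -Name MpsSvc -StartupType Automatic
}

# 2. The service must be running so that Windows Service Hardening stays in
#    effect and so that netsh advfirewall can change the profile settings.
if ($svc.State -ne 'Running') {
    Start-Service -Name MpsSvc
}

# 3. Switch the firewall state to Off for the domain, private and public
#    profiles. This is the command-line equivalent of the MMC setting.
netsh advfirewall set allprofiles state off
if ($LASTEXITCODE -ne 0) { throw "netsh advfirewall failed with exit code $LASTEXITCODE." }

# 4. Verify: the service is running and every profile reports its state as OFF.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='MpsSvc'"
"MpsSvc after:  StartMode={0}, State={1}" -f $svc.StartMode, $svc.State
netsh advfirewall show allprofiles state
```

If a Group Policy object configures the firewall state, that policy takes precedence over the local setting written in step 3.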