Isn't ONE firewall enough?

Every time I power up my XP machine, I get the little red shield in the lower-right corner and the bubble "Your computer may be at risk...." because Windows Firewall is not turned on. But I already have a firewall in my Netgear DG8343 modem/router, and I always understood it's best not to use more than one firewall at a time, just like it's best not to use more than one AV product.

No big deal, I can kill the Windows warning every time I power up. But would it make more sense to turn Windows firewall on and not get the warning any more? Or does a double firewall make no sense?

 

It's best to have both a hardware and a software firewall. Turn your Windows firewall on (or better yet, get a third-party firewall: i.e. Kerio, Sygate, Zone Alarm). They will not conflict with one another.

 

Thanks, James. I'll try that.

 

wow,some times windows xp can not recognize your firewall so the warrning will appear everytime u loggin to the windows . i recommend to try eset smart security for anti viruse & firewall with it's good user friendly .

 

OK, I'm running both now, and I'll report back with any problems I encounter. Many thanks for your input, guys.

 

Agree with James. When XP report "Your computer may be at risk.... ", it's just prompt you turn on the software fireware.

 

Thanks for input, Nikolay.

Yes, that was clear. My misunderstanding was that I thought two firewalls running simultaneously would conflict with each other, like two anti-virus scanners, for example. Now that I understand from you guys that there's no risk of conflict, I've turned on the Windows software firewall. The one in the router/modem is in any case on by default.

Guess I can feel safer now ;-)

 

This thread appears to be about closed but I thought I would comment not just for you G.watson but for any one reading this.

If you have a cable/dsl modem (no router) connected directly to the computer then you need a robust Firewall and the windows firewall is not enough.

If you have a cable/dsl modem connected to a router then router connected to the switch/hub or computer then because of the way a NAT router works it hides your true LAN IP and makes using the Windows firewall a reasonable thing.

NOTE: some think a NAT router is a Firewall but it is not but by doing what it does it is a natural Firewall.

Now if you do have a router with built in Firewall (not all routers have Firewalls as some mistakenly think) and it is on and configured properly then the Windows Firewall is optional but I reccomend using only it.

Why not use 2 or more.

1. Likely not nessesary!
2. Extra CPU cycles degradeing performance
3. The extra layer of interaction necessary to interact with a more complex FW.
4. Some of these more complex FW's tend to cause sometimes bad slowdowns and other issues.

Now the above applies to home and very small business networks

Now if you are a bank!?

Mike

 

Great, Mike - that's really helpful! Just for clarity:

By "using only it" are you recommending using "only the Windows FW" or "only the router with built-in FW "?

 

Since you have a complex (usually stateful) Hardware Firewall then if you use another firewall it should only be the Windows Firewall!

No need to have both a good Hardware firewall and a complex software firewall say like Zone Alarm etc. No need to give up the CPU cycles and "interact/put up with" all the Zone Alarm dialog.

Now if you are totally paranoid and you don't mind giving up the cpu cycles and interacting with firewall querys all day long then by all means use a complex software firewall if you want.

My opinion: I am totally inpressed with the COMODO firewall! This is what i would recomend if you have no router at all!

Mike