Turning Off the Firewall with Hardware Firewall Device RRS feed

  • Question

  • I have hardware firewall devices at home and at my office. My IT person reassures me that we do not need to use an additional software firewall in these locations.
    When I leave the Live OneCare Firewall enabled I have problems with connectivity within my LAN, with Terminal Server Connections, etc. I am constantly opening ports and new connectivity problems crop up every day. So I leave the fireall off at home and at the office. This brings warnings, etc.
    Why not make the OneCare software smart enough to either allow a setting to disable the firewall or better yet, to pass everything when connected through specified routers (by SSID or mac-address?).
    As soon as the computer links to an SSID that is not safe and specified for open connectivity, the firewall would be automatically reenabled with a popup notification.
    The other utility software (or built-in feature) that I would love to have available for Vista or Win 7 when available, is a TCP/IP configuration utility to automatically apply TCP/IP profiles when a loptop connects to an SSID that has been configured with a profile. There are 2 freeware programs available but both seem to have problem with Vista32 business. Seems like some part of the profile sticks and will not be released during the configuration change. Perhaps this is intended but a reboot is usally needed before Vista's TCP/IP stack will release or renew a gateway IP address for example.
    The best place to incorporate a fully functional TCP/IP profile auto-switch would be built into a software firewall program.
    I like LiveCare and think it a bargain for the price/yr. It is too bare bones for the corporate user on a laptop, however. Have you considered a more expensive but more capable version for the business user? 
    Sunday, February 22, 2009 4:56 PM


  • You cannot turn off the OneCare firewall without having OneCare complain and turn red - at risk status.

    OneCare will no longer be sold after the end of the year, though subscriptions will be supported through the end of term or end of 2010, so I don't anticipate any changes to OneCare's firewall.

    For the record, your IT person is only partially correct. A software firewall protects the PC from software that has managed to make it to the PC that requests network access. It also protects the PC from other PCs that reside within the network, behind the hardware firewall. A hardware firewall protects all PCs that reside behind it from attack from the Internet (assuming it is properly configured) and prevents some outbound access, again based on rules on the device. A software firewall, however, can present problems as you've encountered that require configuring it for certain applications. And, certain VPN software just won't work with OneCare's firewall, no matter how you configure it, due to both the VPN software and the firewall manipulating the network stack for their own purposes, but at odds with each other.


    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Monday, February 23, 2009 1:37 PM