
Windows Firewall vs Symantec Endpoint Network Threat Protection Firewall?

Created: 22 Apr 2009 • Updated: 06 Oct 2010 | 16 comments

What are the pros/cons of using either firewall in a managed environment?


JRV's picture

My 2 cents...

Early on (MR2-ish), I had the SEP firewall break enough stuff that I quickly removed it in favor of Windows Firewall, and focused on just getting AV/AS running. Probably better now.

One big plus--PROVIDED YOUR USERS DON'T RUN AS ADMINISTRATORS--is that the Windows Firewall config can be managed by Setup programs, or WMI scripts. This is done by more and more software vendors (including Symantec). SEP's firewall either isn't configurable by 3rd parties, or isn't supported by any or many 3rd parties. However, if your users run with elevated credentials<shiver>, the Windows Firewall API is a liability, because malware they run can (and will) disable the firewall, or open ports.

The Windows 5.x firewall only controls inbound connections. SEP's supports inbound & (optionally) outbound connections, which is obviously superior. So if you have Win 5.x clients and want outbound control, SEP is your choice. However, Windows 6.x also (optionally) controls outbound connections.

Windows Firewall is controllable by Group Policy, but configuration is pretty arcane, and typos can really do you in. SEP's firewall has a much better point-and-click GUI.

Symantec has scored some points recently by being able to handle multiple attack vectors as with Conficker by having their firewall integrated with their AV. Windows Firewall can't respond dynamically to threats.

I've not personally encountered a machine compromised through a properly configured Windows Firewall, though others may have. Until that becomes a widespread problem, I'll consider the risk of its continued use manageable. Someday I'll be brave enough to try SEP's firewall again. If Windows Firewall's configuration API can be redirected to SEP so that applications can leverage it to make their own exceptions, or if Symantec adds an API that 3rd parties (including Microsoft) support, that would remove a considerable obstacle.

Paul Mapacpac's picture

I guess both are the same since they are both FWs. The only advantage is with NTP because of reporting, logging, control, and interaction with other Symantec components.

Vikram Kumar-SAV to SEP's picture

The biggest advantage of NTP is Intrusion Prevention, which blocks most of the threats in the first place.
The Network Activity shows you what is going on in the computer.
Any firewall is configurable; if you configure it, it will be your friend.
Symantec Endpoint Firewall is far better than Windows Firewall.

Vikram Kumar

Symantec Consultant

The most helpful part of the entire Symantec Connect is the Search; use it.

vikram3500's picture

As far as I am concerned, it is a single agent, single management console, single point of resource availability for looking up all issues and acting on them quicker. Otherwise, apples to apples, they both perform similar functionality.

binayak's picture

You can't have two firewalls running on the same machine. For collecting log reports as well as creating reports, SEP depends on its NTP Firewall settings. You can turn on the Windows Firewall feature also, but in that case I think you will not get a proper IDS or IPS report from the SEP Management Console.

Maximilian's picture

The XP firewall is easy to use for a standalone managed PC. You do not need much skill to enable it or maintain it unless you want to make advanced rules.

However there is no easy way for an administrator to know that the firewall is turned on and configured properly. You can manage it through the group policy but still there is no central tool for monitoring or reporting the XP SP2 firewall.

With SEP you know there is a completely different story. Central management, reporting, logs etc. You have complete control over the client (in theory anyway, it still has quite some bugs).

With SEP you can also choose which parts of the firewall should be centrally managed and which should be local (from the pc).
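Maximilian's point about having no central view of whether Windows Firewall is on, and JRV's earlier point about software running with administrator rights switching it off or opening it up through the API, both come down to checking each client's state against a baseline. The following is an added example, not code from any poster in this thread: a Python check over text in the shape of `netsh advfirewall show allprofiles` output (Windows 6.x clients). The host names, the sample text and the baseline (every profile ON, inbound blocked by default) are assumptions made for the example.

```python
import re

# Constructed sample: text in the shape of `netsh advfirewall show allprofiles`
# output, as collected from two made-up hosts (WS-015 returned nothing).
SAMPLE = {
    "WS-014": """\
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       AllowInbound,AllowOutbound
""",
    "WS-015": "",
}

HEADER = re.compile(r"^(Domain|Private|Public) Profile Settings:\s*$")
SETTING = re.compile(r"^(\S+(?: \S+)*?)\s{2,}(\S.*?)\s*$")

def parse_profiles(text):  # returns {profile: {setting: value}}
    profiles, current = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = profiles.setdefault(m.group(1), {})
        elif current is not None and (m := SETTING.match(line)):
            current[m.group(1)] = m.group(2)
    return profiles

def audit(text):
    """List deviations from the baseline: every profile ON, inbound blocked."""
    profiles, findings = parse_profiles(text), []
    for name in ("Domain", "Private", "Public"):
        p = profiles.get(name)
        if p is None:  # no data is a finding, not a pass
            findings.append(f"{name}: profile missing from output")
            continue
        if p.get("State", "").upper() != "ON":
            findings.append(f"{name}: firewall is not ON")
        inbound = p.get("Firewall Policy", "").split(",")[0]
        if inbound != "BlockInbound":
            findings.append(f"{name}: inbound default is {inbound or 'unknown'}")
    return findings
```

Calling `audit(SAMPLE["WS-014"])` reports the disabled Private profile and the permissive Public one; a host that returns no profile data is reported rather than silently passed.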

Ajit Jha's picture

If Windows Firewall had been that great, then Microsoft would not have released ISA and Forefront. Symantec has got lots of options to configure in it.


Ajit Jha

Technical Consultant


binayak's picture

You are right, samiron7567 and Ajitjha. Definitely there will be no comparison between Symantec Firewall and Windows default firewall. Symantec Firewall has a lot more features than Windows.

Bijay.Swain's picture

SEP has a centralized firewall but Windows has a standalone firewall.

SEP has more control on rules while Windows has less.

mon_raralio's picture

Windows firewall is like a basic option just to give it at least some form of protection. To allow/block applications access to other resources. It does not do well in detecting intrusions which is the primary concern.

“Your most unhappy customers are your greatest source of learning.”

ezJurgen's picture

After reading all this I dared to give it a shot again. I hope it's not in my foot :).

I installed SEP NTP on the server as well, according to the SBS 2003 best practice, although it's an SBS 2008. Just created a client package with NTP enabled. I'll install it later today. If I find any problems I'll post them here.

Don't forget to disable the Windows firewall using Group Policies.

Best to keep the firewall itself active on the SBS, just uncheck the LANs it's supposed to protect. This way the security tag/flag displays a green check mark.

ezJurgen's picture

With all modules installed, the clients go into disabled mode, leaving realtime scanning disabled. Windows 7 clients do fine. After installing a Windows XP client with all modules but the firewall, it does enable both modules and give the green 'connection' icon. So it seems the Symantec Firewall blocks some management traffic out of the box. Is this also your experience? If so, rather annoying that Symantec did not find this.

sbertram87's picture

Pro for Symantec is less buggy and less likely to be attacked by viruses.

Srinivas.dskc's picture

Windows firewall has fewer options than Symantec firewall.

System Administrator
