Known Issues for Optimizing Windows Firewall

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Running Windows Firewall can affect your computer's network performance by reducing the throughput, or bandwidth, that can be handled by your computer. The impact is usually minimal, unless your server handles a large amount of network traffic. In addition, if your computer primarily handles unsolicited incoming TCP traffic, the performance impact is usually minimal; however, if your computer primarily handles unsolicited incoming UDP traffic, the performance impact can be substantial. This is because short-lived connections like UDP connections require more processing than long-lived connections like TCP connections.

For example, the optimal type of connection would be a large file download that requires some early processing by Windows Firewall, but little or no processing as soon as the connection is established and the file transfer occurs. The impact of Windows Firewall on file servers and Web servers is minimal because these servers typically use TCP. In contrast, Windows Firewall can have a significant impact on a streaming media server that uses unicast broadcasts to deliver media. This is because streaming media servers typically use UDP to create a new connection to the media encoder each time a client connects to the live content stream, and each of those connections must pass through Windows Firewall. Servers that are connected to the Internet and handle a high number of unsolicited incoming messages might also see reduced network performance: although most of the messages will be blocked, Windows Firewall must still process each incoming message.

Even if your computer primarily handles UDP traffic, the impact on performance will not be significant unless your computer's processor and network adapter are operating at close to maximum capacity. If your computer handles a substantial amount of incoming traffic when Windows Firewall is not turned on, and the network traffic is putting a high load on your processor, then Windows Firewall will impact your computer's network performance. However, this is often a symptom of poor network or infrastructure design; a problem like this one should be addressed no matter which firewall solution you use.
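One way to check, before turning Windows Firewall on, whether a server matches the profile described above (processor close to capacity and mostly UDP traffic) is to record a baseline with `typeperf` and summarize it. The script below is an added example, not Microsoft's code: the choice of counters, the datagram-to-segment ratio as a rough measure of "primarily UDP", both thresholds, the host name `SRV01`, and the sample values are all assumptions made for illustration.

```python
import csv
import io

# Constructed sample in the CSV layout written by `typeperf -f CSV`; host name
# and values are made up. A real baseline could be collected with, for example:
#   typeperf "\Processor(_Total)\% Processor Time" "\UDPv4\Datagrams Received/sec"
#            "\TCPv4\Segments Received/sec" -si 5 -sc 4 -f CSV -o baseline.csv
SAMPLE_CSV = r'''"(PDH-CSV 4.0)","\\SRV01\Processor(_Total)\% Processor Time","\\SRV01\UDPv4\Datagrams Received/sec","\\SRV01\TCPv4\Segments Received/sec"
"03/14/2006 10:00:00.000","85.0"," "," "
"03/14/2006 10:00:05.000","88.0","42000.0","3000.0"
"03/14/2006 10:00:10.000","92.0","40000.0","3000.0"
"03/14/2006 10:00:15.000","90.0","44000.0","3000.0"
'''

CPU_BUSY_PCT = 80.0  # assumption: stands in for "close to maximum capacity"
UDP_SHARE = 0.5      # assumption: stands in for "primarily handles UDP traffic"

COUNTERS = (("cpu", r"\% processor time"),
            ("udp", r"\udpv4\datagrams received/sec"),
            ("tcp", r"\tcpv4\segments received/sec"))

def _num(cell):
    """Return the cell as a float, or None for blank/non-numeric cells."""
    try:
        return float(cell)
    except ValueError:
        return None

def assess(csv_text):
    """Average the baseline and flag the at-risk profile (busy CPU, mostly UDP)."""
    rows = list(csv.reader(io.StringIO(csv_text.strip())))
    header = [h.lower() for h in rows[0]]
    # Match on the counter path suffix so the host name does not matter.
    col = {key: next(i for i, h in enumerate(header) if h.endswith(suffix))
           for key, suffix in COUNTERS}
    samples = []
    for row in rows[1:]:
        vals = {key: _num(row[i]) for key, i in col.items()}
        if None not in vals.values():  # skip rows with blank counter cells
            samples.append(vals)
    n = len(samples)
    cpu, udp, tcp = (sum(s[k] for s in samples) / n for k in ("cpu", "udp", "tcp"))
    share = udp / (udp + tcp) if udp + tcp else 0.0
    return {"samples": n, "avg_cpu": round(cpu, 1), "udp_share": round(share, 2),
            "at_risk": cpu >= CPU_BUSY_PCT and share >= UDP_SHARE}

if __name__ == "__main__":
    print(assess(SAMPLE_CSV))
```

A result with `at_risk` set points at the capacity problem the last paragraph describes, which needs addressing whichever firewall is used.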