Published: February 24, 2011
Applies To: Windows Small Business Server 2011 Standard
A firewall helps screen out malicious users, viruses, and worms that try to access your network from the Internet. For a small business environment, a firewall is the most effective and important first step you can take to help protect your network.
Firewalls can be hardware or software, and they help prevent unauthorized access to your local area network (LAN) from the Internet by blocking incoming network traffic that is attempting to use a port that is not open. It is recommended that you close all ports on the firewall that are not required by applications and services that are running on your network. A firewall hides information on your LAN from the Internet, such as computer names, network topology, and network device types. A firewall can also log traffic to and from the LAN.
Hardware firewalls are easy to use and install. One of the real benefits of a hardware firewall is that it comes bundled with additional services. Your hardware firewall might also act as a router or Internet gateway device (IGD), and as a switch.
During installation, Windows SBS 2011 Standard attempts to discover and set up your router. Most of the available low-cost or business-class routers that are UPnP certified are compatible with Windows SBS 2011 Standard. For a list of routers that are compatible with Windows SBS 2011 Standard, see the Windows Server Catalog.
Server software firewall
Windows Firewall, which is included with Windows SBS 2011 Standard, is a software firewall. It is turned on by default and begins protecting your server when the installation begins. When it is properly configured, Windows Firewall can stop many kinds of malicious software (malware) before it infects your server or the other computers on your network.
The Windows Firewall helps protect your server by preventing unwanted inbound network traffic from accessing the server. The firewall also helps prevent unauthorized network traffic from leaving the local network, and it restricts other operating system resources if they behave in unexpected ways, which is a common indicator of the presence of malware. For example, if a component of Windows SBS 2011 Standard that is designed to send network messages over a given port on your server tries to send messages through a different port due to an attack, Windows Firewall can prevent those messages from leaving your server. This prevents the malware from spreading to other computers on your network.
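One way to confirm that the server firewall is still on and still blocking unsolicited inbound traffic in every profile is to parse the output of `netsh advfirewall show allprofiles`. The script below is an added example, not part of the original page or of Windows SBS; the function name `Test-FirewallProfile` and the sample text are constructed for illustration, and the parser assumes English-language output labels.

```powershell
# Constructed sample of `netsh advfirewall show allprofiles` output (English labels).
$sample = @'
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       AllowInbound,AllowOutbound
'@ -split "\r?\n"

# Hypothetical helper: returns one object per profile with any findings.
function Test-FirewallProfile {
    param([string[]]$Lines)

    $profiles = @()
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^(Domain|Private|Public) Profile Settings:') {
            # A new profile section starts; later lines belong to it.
            $current = New-Object PSObject -Property @{
                Profile = $Matches[1]; State = ''; Inbound = ''; Outbound = ''; Findings = ''
            }
            $profiles += $current
        }
        elseif ($current -and $line -match '^State\s+(\S+)') {
            $current.State = $Matches[1]
        }
        elseif ($current -and $line -match '^Firewall Policy\s+(\w+),(\w+)') {
            $current.Inbound  = $Matches[1]
            $current.Outbound = $Matches[2]
        }
    }
    foreach ($p in $profiles) {
        $issues = @()
        if ($p.State -ne 'ON') { $issues += 'firewall is off' }
        # BlockInbound and BlockInboundAlways both block unsolicited inbound traffic.
        if ($p.Inbound -notlike 'BlockInbound*') { $issues += 'inbound traffic is not blocked by default' }
        $p.Findings = $issues -join '; '
    }
    $profiles
}

# On the server, pass live output instead:
#   Test-FirewallProfile (netsh advfirewall show allprofiles)
Test-FirewallProfile $sample | Format-Table Profile, State, Inbound, Outbound, Findings -AutoSize
```

If the function returns no objects for live output, the section headers did not match, which usually means the labels are localized.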
Client software firewall
Client computers on the network can become infected through a separate Internet connection, such as a laptop that is used on your internal network and on public networks. Or a virus can be introduced to a computer on your network, for example, from email, Web browsing, or software that is installed from an external storage device. To help protect your internal network, when client computers join the local domain, Windows SBS 2011 Standard uses Group Policy settings to configure the firewall on each client computer.