Even if you are running an internal network, it is still recommended to run Windows Firewall always ON. You still have to control the traffic between all devices. You simply allow uncontrolled traffic flow by keeping the firewall disabled and unintentionally expose services that should not be exposed and greatly increase the attack surface. A private network doesn't automatically mean that it is secure. A private network means that it can be controlled by you. And whenever you need to expose a network application/service, you configure exceptions in the firewall.
What is the purpose of enabling Windows Server internal firewall for internal AD Domain servers?
EnterpriseArchitect
People,
I wonder if enabling the internal Windows Server firewall feature is going to be very helpful or not?
Because I must also create the firewall rule to allow RDP on port 3389 and ICMP ping and also the WMI for the PowerShell remoting feature for all of my servers internally.
I assume that for every Microsoft server role enabled like Domain Controllers, ADFS, File Servers, Terminal Servers and SQL Server for example, the Windows Server firewall rule is already updated to allow the required ports and protocols.
Any help and comments would be greatly appreciated.
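The approach described in the answer (firewall on, with scoped exceptions for the RDP, ping and remote-management traffic the question lists) could look like this. This is an added example, not part of the original thread; the management subnet 10.0.50.0/24 is a constructed value, and the display group and rule names are those of an English-language Windows Server installation.

```powershell
# Added example. Assumption: admin workstations and jump hosts live in this subnet.
$MgmtSubnet = '10.0.50.0/24'   # constructed value, replace with your own

# Keep the firewall enabled on every profile; inbound is blocked unless a rule allows it.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# Built-in rule groups covering RDP (TCP 3389), WinRM / PowerShell remoting and WMI.
$groups = 'Remote Desktop',
          'Windows Remote Management',
          'Windows Management Instrumentation (WMI)'

foreach ($group in $groups) {
    # Enable only the inbound rules, on the Domain profile, and only for the
    # management subnet instead of any source address.
    Get-NetFirewallRule -DisplayGroup $group |
        Where-Object Direction -eq 'Inbound' |
        Set-NetFirewallRule -Enabled True -Profile Domain -RemoteAddress $MgmtSubnet
}

# ICMPv4 echo request (ping), scoped the same way.
Get-NetFirewallRule -DisplayName 'File and Printer Sharing (Echo Request - ICMPv4-In)' |
    Set-NetFirewallRule -Enabled True -Profile Domain -RemoteAddress $MgmtSubnet

# Audit: list every enabled inbound allow rule with its port and source scope.
# This also shows which rules an installed server role has enabled on this host,
# and flags any rule that still accepts traffic from any address.
Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Group     = $_.DisplayGroup
            Profile   = $_.Profile
            Protocol  = $port.Protocol
            LocalPort = $port.LocalPort -join ','
            Source    = $addr.RemoteAddress -join ','
            OpenToAny = ($addr.RemoteAddress -contains 'Any')
        }
    } |
    Sort-Object Group, Rule |
    Format-Table -AutoSize
```

Run it from an elevated session on one server first and review the audit output before applying the same settings across servers, for example through Group Policy.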