Announcement

Collapse
No announcement yet.

CCS Firewall, who uses it? And what is your experience?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • CCS Firewall, who uses it? And what is your experience?

    We have a wide variety of customers using CCS/AEP; and all of them are happy with it except when it comes to the firewall section......

    I know this post is subjective and a touchy subject, but we would like to get some honest feedback on: -
    1. Do you use the firewall?
    2. Do you have issues with the firewall?
    3. What would you like from the firewall?
    4. Would you like the firewall replaced with "Windows Application Firewall" & "IPTables" Management instead?
    Robin
    Director
    Strobe Technologies Ltd
    https://www.strobe-it.co.uk/

  • #2
    here are our answers: -

    Do you use the firewall?
    We do on about 30% of the clients, but this is reducing all the time due to constant issues.


    Do you have issues with the firewall?
    Yes, lots of issues; here are a few..
    • Cannot create simple easy rules as control panel profile settings too complicated.
    • Basic functions like Peer-to-Peer printer and file sharing does not work.
    • When firewall is working; you often cannot get DOS/CLI or other applications to be allowed to access network (other components accept allow rules)
    • Network card driver updates can kill the firewall requiring a reboot or re-install of CCS


    What would you like from the firewall?
    A firewall that gives you a simple and complete configuration setup like a firewall should.
    So for instance you create an inbound for a pre-defined service like FTP or a port like TCP 21.
    Obviously you need to be able to create services, so for instance 3CX telephone server requires port TCP 5001 for management and many others for calls. You could create a 3CX service which has many requirements on TCP, UDP and ICMP etc.

    Rules should allow you to specify local network (trusted as in Windows configured as Home or Home, not public) allowing rules to be applied across many different businesses with ease.


    Would you like the firewall replaced with "Windows Application Firewall" & "IPTables" Management instead?
    Being honest, yes!
    I say this has Linux Community and Microsoft know their networking stacks better than antivirus companies.
    Having your AV company manage and deploy rules into these firewalls would be an excellent move as you know your not going to get any conflicts taking down your business networks.



    At the end of the day; I do not mind Comodo firewall if it worked 100% as it was configured and actually had the ability to be configured well/correctly.
    Robin
    Director
    Strobe Technologies Ltd
    https://www.strobe-it.co.uk/

    Comment


    • #3
      Just disabled the firewall via the profile on all our clients until the problem with CCS 11.2 is sorted (obv not ideal).. This issue has made me consider if the firewall is worth reenabling due to concern of apparent recurring issues with it.
      Last edited by Ed_Johnson; 04-15-2019, 09:28 PM.

      Comment


      • #4
        Would this effect a Mac client who isnt running CCS somehow?

        Comment


        • #5
          Velvis ,

          This will not. Our Development Team confirmed that this issue only affects Windows Endpoints.

          Comment


          • #6
            This pretty much echo's the responses above but here is some feedback
            1. Do you use the firewall?
              1. No even in testing there were too many problems (either stability or performance)
            2. Do you have issues with the firewall?
              1. Anytime I have used it (one Windows 10, 7, Server 2008/2016) the biggest issue was a huge hit to performance. Honestly CCS by itself really hurts performance especially endpoints with HDD vs SDD. Often, any slight change to the NIC (and even firewall settings themselvs) would cause it to hang up/freeze the NIC. Uninstalling is also hit and miss. I always have to use the removal tool.
            3. What would you like from the firewall?
              1. I don't believe the firewall is a good feature of CCS just as their has been to much history of issues. Configuration intuitiveness isn't great, though I've seen worse. Even if these issues are fixed, it will take a long time to rebuild trust in it staying that way. I think development should be shifted to just the application layer security as this is were Comodo shines (aside from performance, which could be improved). I prefer to use the windows firewall as it is sufficient when combined with CCS w/firewall off. I don't think this issue is limited to Comodo though, I don't have a lot of success with application firewalls regardless of vendor. Some better than others. I think this is a case of Windows own built-in option being the most stable and effective enough, at least in my usage scenerio's.
            4. Would you like the firewall replaced with "Windows Application Firewall" & "IPTables" Management instead?
              1. This I believe to be a great idea. Honestly I can't think of another RMM product that does this, at least without scripts or some convoluted process. Would be a fantastic addition to remote tools and profiles. +1

            Comment

            Working...
            X