What is the difference between having the Windows XP
Firewall enabled when it is connected by a router that
has NAT protection?

Any added protection?

In article >, "Ben"
> wrote:
>What is the difference between having the Windows XP
>Firewall enabled when it is connected by a router that
>has NAT protection?
>
>Any added protection?

Let's talk about three different firewalls:

1. The NAT router.

2. Internet Connection Firewall (ICF) in the original version and the
Service Pack 1 version of Windows XP.

3. Windows Firewall (WF) in the Service Pack 2 version of Windows XP.

All of them protect your computer from undesired access by other
people on the Internet.

ICF was designed for use on a direct modem connection to the Internet
(dial-up, DSL, or cable), not on a local area network connection to
your other computers. By default, it blocks all unsolicited incoming
traffic, including file and printer sharing between your computers.

WF was designed for use on all types of connections. When enabled
with exceptions, it allows file and printer sharing with between your
computers but blocks other unsolicited incoming traffic between them.
If one of your computers becomes infected with a network worm like
Blaster, WF can prevent the worm from spreading to your other
computers.

So, for computers behind a NAT router, I recommend:

1. Don't enable ICF on XP original or Service Pack 1.

2. Do enable WF on XP Service Pack 2.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com