What is the impact of "Stealth-mode Windows Firewall" setting on Policy Server?

Document ID : KB000021153
Last Modified Date : 14/02/2018

Description:

Windows Firewall stealth mode is enabled by default on Windows 2008 R2 servers: http://technet.microsoft.com/en-us/library/dd448557%28WS.10%29.aspx

Failover for a Web Agent connected to a Policy Server running on Windows 2008 R2 with Windows Firewall enabled (stealth mode) can take more time.

Solution:

We do support firewall Stealth mode on the Policy Server.

Stealth mode stops the RST message from being sent when the Policy Server process shuts down, so the Web Agent has to wait for a timeout and takes more time to detect that the Policy Server is down.

Enabling agent-side keep-alive helps detect the bad connection early.

Disabling the Stealth mode flag should not affect any SiteMinder functionality.

Stealth mode can be switched off:

http://msdn.microsoft.com/en-us/library/ff720058%28v=prot.10%29.aspx
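
The difference between a port that answers with an RST and one where stealth mode drops the reply can be measured from the agent host. The Python probe below is an added example, not part of the original document or of SiteMinder; the names `probe` and `loopback_demo` are hypothetical, and the loopback listener is a constructed stand-in for a Policy Server port.

```python
import socket
import time


def probe(host, port, timeout=3.0):
    """Time one TCP connect attempt and classify how it ended.

    'open'    - handshake completed
    'refused' - the peer answered with an RST (fast failure)
    'silent'  - nothing came back before the timeout, which is what a
                client sees when stealth mode suppresses the RST
    'error'   - any other socket error (for example, no route to host)
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        state = "refused"
    except socket.timeout:
        state = "silent"
    except OSError:
        state = "error"
    finally:
        sock.close()
    return state, time.monotonic() - start


def loopback_demo():
    """Constructed demo: probe a local listener, stop it, probe again."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # let the OS choose a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_up, _ = probe("127.0.0.1", port)
    listener.close()                     # simulates the server process stopping
    after_stop, _ = probe("127.0.0.1", port)
    return while_up, after_stop


if __name__ == "__main__":
    # Loopback is normally unfiltered, so the stopped port reports 'refused'.
    # Against a stopped service behind stealth mode, probe() would instead
    # report 'silent' after the full timeout.
    print(loopback_demo())
```

Run `probe()` against the Policy Server host and port while the service is stopped: a result of `silent` with an elapsed time close to the timeout shows the delay the Web Agent experiences before failover.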