I manage servers with a group of other administrators. The established practice is to create local IP Security Policies AND utilize Windows Firewall with Advanced Security. My understanding is that the WFAS has IPSec built into it, and the reason for the existence of abstracted IPSec policies is rooted in the need for that functionality before it was available in the firewall (XP days). My colleagues like the extra layer and claim it provides added security in the event one fails. Can anyone detail information relevant to this topic? How do the two sets of policy interact? Is there a chance one could fail and the other not? Any information is appreciated.
Thank you!