windows firewall - how much delay introduce, how safe to turn off?

Question

I have a server that used for high-frequency trading. That means that even 0.1 ms is important. I have up to 10 MBit/s data traffic. I need certain UDP ports to be opened because I receive data via multicast.

Now I don't know what should I do:

• just open ports that I need in Windows firewall and be secured but slow

• just disable Windows firewall and be unsecured but fast

• I am in LAN and server is not used for anything else than trading so it's probably OK to turn-of firewall

• From other hand how much delay firewall introduces? Probably this delays are not important for me?

Answer 1

1. You must test for yourself as there are a lot of variables which can effect it.
2. Setting Windows firewall to "off" does not really turn it off. Elements of it still run and can still create substantial performance bottlenecks. To truly disable it, and thereby eliminate all of the latency it adds, you must disable it and all of its components at the services level. That can create some unintended side effects and stability issues so do not do this unless your testing from #1 shows a significant difference.
3. If your system is connected in any way to a public network, make sure it is behind a real (hardware) firewall before you think about disabling Windows Firewall. Hardware firewalls typically produce less overhead than software, and better vendors will have statistics about the latency introduced by their products. Better firewalls also allow you to select how much analysis should be done, and thereby control how much latency they add.

Answer 2

If ...

• Your system is on a LAN segregated from other LANs and the Internet by a hardware firewall, and
• Your system is on a LAN with other "trusted" systems.

... then I would feel comfortable disabling the Windows Firewall.