Solved

WinSock Proxy clients behind zonealarm pro firewall

Posted on 2004-08-26
20
417 Views
Last Modified: 2008-03-17
Hello, this is the escenario, i have a nt server 4.0 server, 2 nics, one to the isp, the other one to my private network, before installing the zonealarm firewall my clients connected to internet through proxy 2.0 winsock, for example msn messenger connected ok, now that i have this firewall it doesnt. Anyone have any idea about the ports i have to allow so the Wspsrv server gets to work.
0
Comment
Question by:jcaceres
  • 7
  • 7
  • 4
  • +1
20 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11908892
Zone Alarm is most likely blocking the communication in and out of the NT box, not the actual proxy server

For messenger:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q278887
To enable voice communications, make sure that outgoing TCP connections from port 6901 are enabled. Also enable UDP packets where either the source or the destination port is 6901.

To enable file transfers, enable both incoming and outgoing TCP connections to the 6891-6900 range of TCP ports. This allows each sender to perform up to 10 simultaneous file transfers. Note that if only TCP port 6891 is open, users are only able to perform one file transfer at a time.

To enable messaging, enable outgoing TCP connections to TCP port 1863.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11908906
Something else I found:

go into the program control options of zone alarm , click on programs scroll down to messenger and in the access column left click and a box will come up check to allow in both options trusted zone and internet zone,then everything will be cool....happy surfin!
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11912848
Still not working, when i shutdown the zonealarm pro firewall my clients can connect to msn and ftp sites etc.
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 15

Expert Comment

by:adamdrayer
ID: 11913003
ftp requires you open ports 20 and 21
msn probably requires ssl which is port 443

ZoneAlarm can keep a log of denied packets, check the logfile for a complete lists of ports that these programs are trying to use.
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11913754
I guess this is not specificly a problem for msn, but for the winsock applications, my wsp client cant route them to internet.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 11913845
If it doesn't work when you run ZoneAlarm, but works when you disable it, then it is a ZoneAlarm configuration problem.  99% of what ZoneAlarm is all about is blocking ports.  You need to open them.

try opening ports 20, 21, 23, 53, 80, 137, 138, 139, 443, 445, 8989, 8999, and 12173.

That have you covered pretty wel.l
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915135
hello,

can you list the version of zone alarm you are using?
and is the application level blocking is enabled?

if you are using the recent version which supports the application blocking than you should check the programs listed there ...... and in allowing programs to communicate zone alarm offers to allow the program to act as a server.

you should let the zone alarm to trust your winsocks proxy applications and let them open the port required by that program!!!

which you good luck!
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11915201
zonealarm pro 5, application level blocking is enabled, I have checked the winsock proxy server to be allowed to communicate as server too but still  nothing.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915427
is it possible for you to list the application which are not allowed to act as a server?
and your blocking levels!
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915436
btw, do you have added your Local Area Table in the trusted zone of your Z.A pro
like
192.168.0.0-192.168.0.255 add this to your trusted range might help you
also check adding a trusted subnets!!

0
 
LVL 1

Author Comment

by:jcaceres
ID: 11915802
Yes i have 2 zones, trusted one, an internet.  Trusted my 192... network.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11915860
u didn't list the blocked application!!!
btw, can your client updates the winsocks client installed out there? or can they surf sites without using proxies?
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11916219
none is blocked, clients cant update winsocks client, to surf sites we have to use de http proxy server.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11916238
is MSN on clients are using socks proxy to connect?
and have you tried to connect to MSN without socks proxy thorough winsocks client?
and what about surfing the site thorough web proxy!!!
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11916305
msn used to connect ok with socks proxy before firewall, now, cant connect at all, even trying without socks proxy. clients are able to surf sites thorough web proxy.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11916375
have configured your Zone Alarm to allow trafic on port 1080 and than tried to connect MSN thorough Socks proxy.
also checkout the reports for watching the connections being blocked by zone alarm that would help you to see what causes the problem and than to rectify it.
0
 
LVL 1

Author Comment

by:jcaceres
ID: 11931468
I gave up and configured ms proxy 2.0 to filter packets and work as a firewall. So far so good. thanks for the suggestions, seems like this software is no good for servers.

quote:

Thank you for contacting Zone Labs Support

This Information Applies to:

All ZoneAlarm Products

Summary

I'm having a problem running ZoneAlarm on a server.

Solution:

Zone Labs does not officially support ZoneAlarm installations on
servers at this time. ZoneAlarm was designed specifically for client
applications on an endpoint machine.

Please check our website for any developments regarding server
support.

Thank you
Bill
Zone Labs Support

so i guess the answer is zonealarm is no good for my network.
0
 
LVL 9

Expert Comment

by:imnajam
ID: 11931854
hmm u can give a try to other firewalls if you wish to otherwise good luck with proxy filters:)

all the best!!!
0
 
LVL 1

Accepted Solution

by:
GhostMod earned 0 total points
ID: 11978744
PAQd, 500 points refunded.

GhostMod
Community Support Moderator
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
An article on effective troubleshooting
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question