  • Status: Solved
  • Priority: Medium
  • Security: Public

WinSock Proxy clients behind zonealarm pro firewall

Hello, this is the scenario: I have an NT Server 4.0 server with 2 NICs, one to the ISP, the other one to my private network. Before installing the ZoneAlarm firewall, my clients connected to the Internet through Proxy 2.0 WinSock; for example, MSN Messenger connected OK. Now that I have this firewall, it doesn't. Does anyone have any idea about the ports I have to allow so the Wspsrv server gets to work?
0
jcaceres
Asked:
jcaceres
1 Solution
 
adamdrayer Commented:
ZoneAlarm is most likely blocking the communication in and out of the NT box, not the actual proxy server.

For messenger:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q278887
To enable voice communications, make sure that outgoing TCP connections from port 6901 are enabled. Also enable UDP packets where either the source or the destination port is 6901.

To enable file transfers, enable both incoming and outgoing TCP connections to the 6891-6900 range of TCP ports. This allows each sender to perform up to 10 simultaneous file transfers. Note that if only TCP port 6891 is open, users are only able to perform one file transfer at a time.

To enable messaging, enable outgoing TCP connections to TCP port 1863.
0
 
adamdrayer Commented:
Something else I found:

Go into the program control options of ZoneAlarm, click on Programs, scroll down to Messenger, and in the access column left-click and a box will come up. Check to allow in both options, trusted zone and internet zone, then everything will be cool... happy surfin!
0
 
jcaceres (Author) Commented:
Still not working. When I shut down the ZoneAlarm Pro firewall, my clients can connect to MSN, FTP sites, etc.
0
 
adamdrayer Commented:
FTP requires you to open ports 20 and 21.
MSN probably requires SSL, which is port 443.

ZoneAlarm can keep a log of denied packets; check the logfile for a complete list of ports that these programs are trying to use.
0
 
jcaceres (Author) Commented:
I guess this is not specifically a problem for MSN, but for the WinSock applications; my WSP client can't route them to the Internet.
0
 
adamdrayer Commented:
If it doesn't work when you run ZoneAlarm, but works when you disable it, then it is a ZoneAlarm configuration problem.  99% of what ZoneAlarm is all about is blocking ports.  You need to open them.

Try opening ports 20, 21, 23, 53, 80, 137, 138, 139, 443, 445, 8989, 8999, and 12173.

That has you covered pretty well.
0
 
imnajam Commented:
Hello,

Can you list the version of ZoneAlarm you are using?
And is application-level blocking enabled?

If you are using the recent version which supports application blocking, then you should check the programs listed there... and in allowing programs to communicate, ZoneAlarm offers to allow the program to act as a server.

You should let ZoneAlarm trust your WinSock proxy applications and let them open the ports required by that program!

Wish you good luck!
0
 
jcaceres (Author) Commented:
ZoneAlarm Pro 5, application-level blocking is enabled. I have checked the WinSock proxy server to be allowed to communicate as a server too, but still nothing.
0
 
imnajam Commented:
Is it possible for you to list the applications which are not allowed to act as a server?
And your blocking levels!
0
 
imnajam Commented:
BTW, have you added your Local Area Table to the trusted zone of your ZoneAlarm Pro?
Like
192.168.0.0-192.168.0.255. Adding this to your trusted range might help you.
Also check adding trusted subnets!

0
 
jcaceres (Author) Commented:
Yes, I have 2 zones, a trusted one and an internet one.  Trusted my 192... network.
0
 
imnajam Commented:
You didn't list the blocked applications!
BTW, can your clients update the WinSock client installed out there? Or can they surf sites without using proxies?
0
 
jcaceres (Author) Commented:
None is blocked. Clients can't update the WinSock client; to surf sites we have to use the HTTP proxy server.
0
 
imnajam Commented:
Is MSN on the clients using the SOCKS proxy to connect?
And have you tried to connect to MSN without the SOCKS proxy, through the WinSock client?
And what about surfing sites through the web proxy?
0
 
jcaceres (Author) Commented:
MSN used to connect OK with the SOCKS proxy before the firewall; now it can't connect at all, even trying without the SOCKS proxy. Clients are able to surf sites through the web proxy.
0
 
imnajam Commented:
Have you configured your ZoneAlarm to allow traffic on port 1080 and then tried to connect MSN through the SOCKS proxy?
Also check out the reports to watch the connections being blocked by ZoneAlarm; that would help you see what causes the problem and then rectify it.
0
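The log check suggested in the replies above (the denied-packet logfile and the blocked-connection reports), as an added example that is not part of the original thread: it counts blocked packets per destination port and flags how many involved a peer inside the trusted range 192.168.0.0-192.168.0.255. The sample lines are constructed, and the comma-separated field layout is an assumption to adjust to the actual log export.

```python
import ipaddress
from collections import Counter

# Constructed sample lines, not taken from the thread. Assumed field layout:
# type,date,time,source[:port],destination[:port],transport
SAMPLE_LOG = """\
FWIN,2004/06/01,10:15:02 -5:00 GMT,192.168.0.21:1045,192.168.0.1:1080,TCP (flags:S)
FWIN,2004/06/01,10:15:05 -5:00 GMT,192.168.0.21:1045,192.168.0.1:1080,TCP (flags:S)
FWIN,2004/06/01,10:15:09 -5:00 GMT,192.168.0.22:1051,192.168.0.1:1863,TCP (flags:S)
FWOUT,2004/06/01,10:16:40 -5:00 GMT,192.168.0.1:1102,203.0.113.10:21,TCP (flags:S)
FWIN,2004/06/01,10:17:11 -5:00 GMT,192.168.0.23:137,192.168.0.255:137,UDP
PE,2004/06/01,10:18:00 -5:00 GMT,Example Program,192.168.0.1:0,N/A
FWIN,2004/06/01,10:19:30 -5:00 GMT,192.168.0.23:0,192.168.0.1:0,ICMP (type:8/subtype:0)
garbage line
"""

TRUSTED = ipaddress.ip_network("192.168.0.0/24")  # trusted range quoted in the thread

def split_endpoint(text):
    """Split 'host:port' into (host, int port); port is None if absent."""
    host, sep, port = text.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return text, None

def is_trusted(host):
    try:
        return ipaddress.ip_address(host) in TRUSTED
    except ValueError:
        return False  # not an IP address (e.g. a program name)

def blocked_ports(log_text):
    """Return rows (direction, proto, dst_port, hits, hits_with_trusted_peer)."""
    hits, trusted_hits = Counter(), Counter()
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 6 or fields[0] not in ("FWIN", "FWOUT"):
            continue  # skip program events and malformed lines
        proto = fields[5].split()[0] if fields[5] else ""
        src_host, _ = split_endpoint(fields[3])
        dst_host, dst_port = split_endpoint(fields[4])
        if proto not in ("TCP", "UDP") or dst_port is None:
            continue  # ICMP and similar entries carry no port
        key = (fields[0], proto, dst_port)
        hits[key] += 1
        # The remote peer is the source for inbound, the destination for outbound.
        peer = src_host if fields[0] == "FWIN" else dst_host
        trusted_hits[key] += is_trusted(peer)
    return [key + (n, trusted_hits[key]) for key, n in hits.most_common()]

if __name__ == "__main__":
    for row in blocked_ports(SAMPLE_LOG):
        print("%-5s %-3s port %-5d blocked=%d trusted_peer=%d" % row)
```

Inbound blocks whose peer is inside the trusted range point at the zone or program rule not matching, rather than at a port that still needs opening.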
 
jcaceres (Author) Commented:
I gave up and configured MS Proxy 2.0 to filter packets and work as a firewall. So far so good. Thanks for the suggestions; seems like this software is no good for servers.

quote:

Thank you for contacting Zone Labs Support

This Information Applies to:

All ZoneAlarm Products

Summary

I'm having a problem running ZoneAlarm on a server.

Solution:

Zone Labs does not officially support ZoneAlarm installations on
servers at this time. ZoneAlarm was designed specifically for client
applications on an endpoint machine.

Please check our website for any developments regarding server
support.

Thank you
Bill
Zone Labs Support

So I guess the answer is ZoneAlarm is no good for my network.
0
 
imnajam Commented:
Hmm, you can give other firewalls a try if you wish to; otherwise, good luck with proxy filters :)

all the best!!!
0
 
GhostMod Commented:
PAQd, 500 points refunded.

GhostMod
Community Support Moderator
0
