Solved

How do I find out what incoming connection Windows Firewall is blocking

Posted on 2011-02-16
Last Modified: 2012-05-11
I have a server application that client machines need to access. I have gone through and opened the ports and programs that I thought were needed to the incoming allow rules, but the clients still can run the server program. How do I turn logging on for the Firewall (Server 2008 R2) so that I can figure out what the Firewall is blocking? Or what is the easiest way to figure out what programs need to be added to the allow list?

Thanks,
0
Question by:vbchewie
14 Comments
 
LVL 5

Expert Comment

by:jason987
ID: 34912082
Go to Start and type in "windows firewall"; once in the dialog for that, go to "monitoring" and then "firewall". This will list all of the programs and any inbound and outbound ports allowed. If your application is in there and the proper ports are allowed, go back to Start, type in "cmd", and in that window type "netstat -a" and see if there is a line with "listening" on the port the application should be on.
0
 
LVL 1

Author Comment

by:vbchewie
ID: 34912271
The problem is I don't know what it is blocking. Is there a way for me to look and figure out what it blocked, not what it is blocking? The developer is telling me to just shut off the firewall, and I would prefer not to. So I need to figure out what needs to be allowed so I can keep the firewall on.

Thanks
0
 
LVL 5

Expert Comment

by:jason987
ID: 34912344
Well turning off the firewall temporarily is a good step if you can do it because it will isolate whether the issue is the program or the firewall.

Here is the walk-through on how to turn on and view the WinFirewall log, you should only need to turn on the option for blocked connections but for debugging purposes I would do both:

http://technet.microsoft.com/en-us/library/cc947815%28WS.10%29.aspx
0
 
LVL 1

Author Comment

by:vbchewie
ID: 34912512
Here is my pfirewall file.  The Client is 192.166.125.138, does this mean I need to open ports 1072 and 1074?

pfirewall.txt
0
 
LVL 5

Expert Comment

by:jason987
ID: 34912537
No, port 86 is where they are trying to get to, 1074 is the originating port.
0
 
LVL 1

Author Comment

by:vbchewie
ID: 34912582
Opening that port did not fix the problem. Any places I can look for what's getting blocked?
0
 
LVL 5

Expert Comment

by:jason987
ID: 34913289
Honestly, dropping the firewall temporarily will move this along much faster.  9/10 times when I see issues like this it is the application/service not listening, accepting connections, or handling them properly.

What did:

"netstat -a"

...produce? You haven't said what ports the application needs or what protocol it is; that's a huge "step one".
0
 
LVL 1

Author Comment

by:vbchewie
ID: 34918677
Should I run "netstat -a" with the firewall on or off? The problem is I don't know what ports the application needs; that's what I'm trying to figure out. The developer is saying just completely disable the firewall and I won't have the issue.
0
 
LVL 5

Expert Comment

by:jason987
ID: 34918782
You can run netstat with the firewall on or off.  The operation of the firewall simply does not allow incoming connections, the applications or services will still attempt to listen.  If you are in contact with the developer can't they tell you what ports the application listens on?

The tcpview tool will show you what applications are listening or connected which should list your application if it is indeed listening for incoming connections:

http://technet.microsoft.com/en-us/sysinternals/bb897437

Again, turning off the firewall temporarily and testing would be the best way to diagnose if this is a firewall problem and not an application issue.
0
 
LVL 1

Author Comment

by:vbchewie
ID: 34919073
I'm sorry, I already determined it was the firewall. If I turn it off, the client application connects fine. I've attached the netstat -a output and highlighted the two programs in TCPView that I know are part of the application.
netstat.txt
TCPView.png
0
 
LVL 5

Accepted Solution

by:
jason987 earned 1800 total points
ID: 34919186
From that:

CCITCP2.EXE is listening for *UDP* connections on port 86.
IMPCSU.EXE is listening for *TCP* connections on port 57196.

The only reason you should need to not have the firewall on is if the application uses different ports for some odd reason.  The TCP/UDP distinction is important.
0
 
LVL 1

Author Comment

by:vbchewie
ID: 34919899
How did you get the UDP port 86?  I see the TCP 57196.
0
 
LVL 5

Expert Comment

by:jason987
ID: 34920006
CCITCP2.exe is listening on local port "mfcobol" which is translated to port 86 as described in:

\Windows\System32\drivers\etc\services

It could point to a different port in services but I verified the port in the netstat log.
0
 
LVL 1

Author Comment

by:vbchewie
ID: 34920063
Thank you, it turned out to be just the UDP port 86. The client program is working now.
0
