Windows firewall

Posted on 2011-10-20
Last Modified: 2012-06-27
I have a client which is running windows firewall.  I have a new domain policy that I am trying to use to allow a specific server to talk to it on specific ports.  The client is taking notice of the policy as each time I change the policy it recognises the fact I relocate the firewall log file.  The log file repeatedly shows the ports being dropped from the source IP.

I have added in under domain profile of the windows firewall GPO the following policies
 - Define inbound program exceptions - Enabled for 2 programs
 - Allow inbound file and printer sharing - Enabled
 - Allow ICMP exceptions - Enabled with all ticked
 - Allow logging - Enabled - I change the location each time I make a change to verify it has done it
 - allowed local port exceptions - enabled
 - allow inbound remote administration exceptions - enabled  for core server ranges
 - Prohibit unicast response to multicast - disabled
 - Define inbound port exceptions - Enabled with the following example
                   1761:TCP:My Server IP:enabled:process1
                   33354:UDP:My Server IP:enabled:Process 2

I have covered all the ports that the system I am pushing from uses; however, now I am seeing random port numbers from the source server hitting the destination machine and dropping the packets.  These ports are not listed anywhere in the documentation of the source server's application and I know it does not use them.  The following are the random ports it is now dropping from the server:
TCP 1558 - attempt 1
TCP 1292 - attempt 2
TCP 1244 - attempt 3
TCP 1164 - attempt 4

Is there a way to tell the Windows firewall to accept any TCP/UDP traffic on ANY port from a specific source IP or range?

Question by: MarkBourn
    Expert Comment

    Change Scope is the answer

    Author Comment

    M3rc74: The article you posted tells me nothing I don't already know.  It also tells me nothing about AD policy to control the firewall.  I can see the dropped packets in the log file but cannot understand why it is dropping ports that the product does not use, unless it is other Windows ports being dropped.

    Can you also elaborate on "Change Scope is the answer"?  Exactly what scope are you referring to, and which AD policy?

    Accepted Solution

    In addition to this post, it appears my Windows 7 machine has an extra setting called "Define inbound port exceptions".  This does not exist on my Windows 2000 AD servers, hence my issue with this not passing to the clients.

    The above answers my question.
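The two things the thread turns on, checking what the log actually says and building a rule scoped to one remote host, as an added example that is not part of the original thread or of any Microsoft documentation. The log excerpt is constructed in the standard pfirewall.log W3C layout (the "#Fields:" header names the columns), the server address 192.0.2.10 is an assumption, and the netsh command is the local equivalent of an inbound rule whose Scope tab lists that address under "Remote IP addresses" in Windows Firewall with Advanced Security (the rule the "Change Scope" comment refers to). Note that every log line carries both a src-port and a dst-port; on Windows Server 2003 and earlier the default ephemeral source-port range is 1025-5000, so the script groups on the destination port, which is the only one a port exception can target.

```powershell
# Added example (not from the thread): summarise DROP entries for one remote
# host in a Windows Firewall log and emit the scoped allow rule for it.
# $ServerIp and the log excerpt below are assumptions/constructed data.

$ServerIp = '192.0.2.10'

# Constructed sample in pfirewall.log format. The real file is the one the
# GPO "Allow logging" setting points at (default %systemroot%\pfirewall.log).
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2011-10-20 09:15:01 DROP TCP 192.0.2.10 192.0.2.50 1558 445 52 S 1230394 0 8192 - - - RECEIVE
2011-10-20 09:15:04 DROP TCP 192.0.2.10 192.0.2.50 1292 135 52 S 1230395 0 8192 - - - RECEIVE
2011-10-20 09:15:07 DROP TCP 192.0.2.10 192.0.2.50 1244 445 52 S 1230396 0 8192 - - - RECEIVE
2011-10-20 09:15:09 DROP UDP 192.0.2.10 192.0.2.50 1164 33354 60 - - - - - - - RECEIVE
2011-10-20 09:15:12 DROP TCP 198.51.100.7 192.0.2.50 40211 3389 52 S 99 0 8192 - - - RECEIVE
'@

function Get-FirewallDrops {
    # Parse pfirewall.log lines and return DROP records whose src-ip is $RemoteIp.
    param([string[]]$Lines, [string]$RemoteIp)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {
            # Column names come from the header, so a reordered log still parses.
            $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        if (-not $fields -or $line -match '^\s*$' -or $line.StartsWith('#')) { continue }
        $values = $line -split '\s+'
        $entry = @{}
        for ($i = 0; $i -lt $fields.Length -and $i -lt $values.Length; $i++) {
            $entry[$fields[$i]] = $values[$i]
        }
        if ($entry['action'] -eq 'DROP' -and $entry['src-ip'] -eq $RemoteIp) {
            New-Object PSObject -Property @{
                Time     = $entry['date'] + ' ' + $entry['time']
                Protocol = $entry['protocol']
                SrcPort  = [int]$entry['src-port']
                DstPort  = [int]$entry['dst-port']
                Path     = $entry['path']
            }
        }
    }
}

$drops = Get-FirewallDrops -Lines ($sampleLog -split "`r?`n") -RemoteIp $ServerIp
$drops | Select-Object Time, Protocol, SrcPort, DstPort, Path | Format-Table -AutoSize

# Group on the port the client was listening on; the source port is chosen
# by the caller from its ephemeral range and changes every connection.
$drops | Group-Object Protocol, DstPort | Select-Object Count, Name | Format-Table -AutoSize

# The rule the question asks for: any protocol, any port, but only from this
# host. remoteip also accepts a range (a.b.c.d-a.b.c.e) or a subnet (a.b.c.0/24).
$rule = 'netsh advfirewall firewall add rule name="Allow all from app server" ' +
        'dir=in action=allow profile=domain protocol=any remoteip=' + $ServerIp
Write-Output $rule
# To apply on the client itself (elevated prompt) rather than via GPO:
# Invoke-Expression $rule
```

Run as-is it only parses the constructed excerpt and prints the rule; swap `$sampleLog` for `Get-Content $env:SystemRoot\pfirewall.log` to read the real log. The same scoped rule is what you would build centrally under Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Inbound Rules, which is the modern replacement for the per-port "Define inbound port exceptions" administrative template and is only shown in a console that has the Windows Vista/7-era templates loaded.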

    Author Closing Comment

    Resolved myself
