
Windows firewall

I have a client which is running Windows Firewall. I have a new domain policy that I am trying to use to allow a specific server to talk to it on specific ports. The client is taking notice of the policy, as each time I change the policy it recognises the fact that I relocate the firewall log file. The log file repeatedly shows the ports being dropped from the source IP.

I have added in, under the domain profile of the Windows Firewall GPO, the following policies:
 - Define inbound program exceptions - Enabled for 2 programs
 - Allow inbound file and printer sharing - Enabled
 - Allow ICMP exceptions - Enabled with all ticked
 - Allow logging - Enabled - I change the location each time I make a change to verify it has done it
 - Allow local port exceptions - Enabled
 - Allow inbound remote administration exceptions - Enabled for core server ranges
 - Prohibit unicast response to multicast - Disabled
 - Define inbound port exceptions - Enabled with the following example
                   1761:TCP:My Server IP:enabled:process1
                   33354:UDP:My Server IP:enabled:Process 2

I have covered all the ports that the system I am pushing from uses; however, now I am seeing random port numbers from the source server hitting the destination machine and dropping the packets. These ports are not listed anywhere in the documentation of the source server's application and I know it does not use them. The following are the random ports it is now dropping from the server:
TCP 1558 - attempt 1
TCP 1292 - attempt 2
TCP 1244 - attempt 3
TCP 1164 - attempt 4

Is there a way to tell the Windows Firewall to accept any TCP/UDP traffic on ANY port from a specific source IP or range?

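A check worth running on the log before changing any rule, as an added example that is not part of the original post: Windows Firewall writes the log in a fixed column order, with src-port before dst-port, and the #Fields: header at the top of the file names the columns. The script below reads that header, keeps the DROP entries and groups them by remote address, protocol and destination port. The log lines are constructed for illustration; 10.0.0.5, 10.0.0.9 and 10.0.1.20 are placeholder addresses.

```powershell
# Added example (not from the thread): parse Windows Firewall log lines and group the
# DROP entries by remote address, protocol and *destination* port. The log lines below
# are constructed; the column order is the one Windows writes in the file's own
# "#Fields:" header, and the parser takes its column names from that header.
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2010-03-01 10:15:01 DROP TCP 10.0.0.5 10.0.1.20 1558 1761 52 S 3210 0 8192 - - - RECEIVE
2010-03-01 10:15:04 DROP TCP 10.0.0.5 10.0.1.20 1292 1761 52 S 3211 0 8192 - - - RECEIVE
2010-03-01 10:15:09 DROP UDP 10.0.0.5 10.0.1.20 1244 33354 78 - - - - - - - RECEIVE
2010-03-01 10:15:12 DROP TCP 10.0.0.9 10.0.1.20 1164 445 52 S 3212 0 8192 - - - RECEIVE
2010-03-01 10:15:15 ALLOW TCP 10.0.0.5 10.0.1.20 1600 1761 52 S 3213 0 8192 - - - RECEIVE
'@

function Get-FirewallDrops {
    param([string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {
            # Column names come from the file itself
            $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        # Skip the remaining header lines and blanks
        if ($line -like '#*' -or $line.Trim() -eq '') { continue }
        $values = $line -split '\s+'
        if ($null -eq $fields -or $values.Count -lt $fields.Count) { continue }
        $record = New-Object psobject
        for ($i = 0; $i -lt $fields.Count; $i++) {
            $record | Add-Member -MemberType NoteProperty -Name $fields[$i] -Value $values[$i]
        }
        if ($record.action -eq 'DROP') { $record }
    }
}

# On a real machine: Get-FirewallDrops -Lines (Get-Content $env:SystemRoot\system32\LogFiles\Firewall\pfirewall.log)
$drops = Get-FirewallDrops -Lines ($sampleLog -split "`r?`n")

$drops | Group-Object 'src-ip', 'protocol', 'dst-port' | ForEach-Object {
    $first = $_.Group[0]
    New-Object psobject -Property @{
        Source   = $first.'src-ip'
        Protocol = $first.protocol
        DstPort  = $first.'dst-port'
        SrcPorts = ($_.Group | ForEach-Object { $_.'src-port' } | Sort-Object -Unique) -join ','
        Drops    = $_.Count
    }
} | Sort-Object Drops -Descending | Format-Table Source, Protocol, DstPort, SrcPorts, Drops -AutoSize
```

The point of grouping on dst-port rather than src-port: on Windows 2000, XP and Server 2003 the default dynamic (ephemeral) port range was 1025 to 5000, so a number that changes on every attempt and sits in the src-port column is the server's own end of an ordinary connection, and the listener actually being blocked is whatever the dst-port column holds on those same lines. Which column 1558, 1292, 1244 and 1164 fall into in the real log decides whether any new port exception is needed at all.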
1 Solution
Kruno Džoić (System Engineer) commented:
Change Scope is the answer
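In Windows Firewall terms the scope of a rule is the set of remote addresses it applies to; in the legacy template format the question uses (port:transport:scope:status:name) it is the third field, but that template needs one port per entry and cannot say "any port". A rule that allows every TCP and UDP port from one address only can be expressed with netsh advfirewall on Windows 7 / Server 2008 R2 and later, and the same rule can be delivered by Group Policy under Computer Configuration, Windows Settings, Security Settings, Windows Firewall with Advanced Security. The script below is an added example, not code from the thread; the address and rule name are placeholders.

```powershell
# Added example (not from the thread): one Windows Firewall with Advanced Security
# rule whose scope (remoteip) is the management server, allowing every TCP/UDP port
# from that address only, in the domain profile only. Run from an elevated prompt.
$serverScope = '10.0.0.5'   # placeholder; a range 10.0.0.1-10.0.0.20 or subnet 10.0.0.0/24 also works
$ruleName    = 'Allow all inbound from management server'   # placeholder name

# Remove any earlier copy so re-running the script does not stack duplicate rules
netsh advfirewall firewall delete rule name="$ruleName" | Out-Null

# dir=in, action=allow, protocol=any: no port list is needed, because the scope
# (remoteip) rather than the port is what limits the rule.
netsh advfirewall firewall add rule name="$ruleName" dir=in action=allow `
    protocol=any remoteip=$serverScope profile=domain enable=yes

# Verify the rule landed with the expected scope and profile
netsh advfirewall firewall show rule name="$ruleName" verbose
```

Keeping the rule in the domain profile and scoping it to the narrowest address set that actually originates the traffic (a single host rather than a subnet where possible) is what makes an "any port" rule acceptable, since the trust is then placed in the source address rather than in a port list. On Windows 8 / Server 2012 and later the equivalent cmdlet form is New-NetFirewallRule -Direction Inbound -Action Allow -Protocol Any -RemoteAddress 10.0.0.5 -Profile Domain.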
MarkBourn (Author) commented:
M3rc74: The article you posted tells me nothing I don't already know. It also tells me nothing about AD policy to control the firewall. I can see the dropped packets from the log file but cannot understand why it is dropping ports that the product does not use, unless it is other Windows ports being dropped.

Can you also elaborate on "Change scope is the answer". Exactly what scope are you referring to, and which AD policy?
MarkBourn (Author) commented:
In addition to this post, it appears my Windows 7 machine has an extra setting called "Define inbound port exceptions". This does not exist on my Windows 2000 AD servers, hence my issue with this not passing to the clients.

The above answers my question
MarkBourn (Author) commented:
Resolved myself