asked on

SMB Fails Windows VM Public IP

Windows UNC (SMB) fails across public network. SMB works inside VM, i.e. 192.168.1.104 from/to 192.168.1.108, however, when trying same mount from inside our office to vCloud environment the mount fails. Wireshark shows the 445 packets never arrive and Windows moves on to port 80 which does not work nor is it expected to. vCloud firewall has an any/any permit rule and Wireshark shows the traffic leaving the office network.

ASKER CERTIFIED SOLUTION

noci

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

gskortz

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

gskortz

ASKER

Thanks, your comment lead to checking for Comcast system wide blocked ports.

noci

F.y.i. SMB has SO many attack vectors it is near IMPOSSIBLE to setup a secure SMB environment.
And if SMB protocol is not vulnerable as such (did you verify that?) than the assumption on which it is used are mostly flawed as the usage was meant for restricted LAN environments, so all kinds of other tools & libraries are bordering the SMB service causing other security holes.

So it isn't exactly "Security" for the masses that is the policy here. Remember the outbreak of NOTPetya, that was related to SMB weaknesses.
Last week a biggie was fixed in the SMB protocol.

gskortz

ASKER

Thanks for you input. I appreciate your comments, however, there are very specific protections in place including input source and destination IP addresses for the 445 traffic. We understand how to provide alternative solutions including an IPSEC vlan and potentially port forwarding. My job was to determine a list of alternatives which would include reassignment of the SMB port if possible. Hence my question.

noci

ok good luck.