SMB Fails Windows VM Public IP

Windows UNC (SMB) fails across public network. SMB works inside VM, i.e. 192.168.1.104 from/to 192.168.1.108; however, when trying the same mount from inside our office to the vCloud environment, the mount fails. Wireshark shows the 445 packets never arrive and Windows moves on to port 80, which does not work, nor is it expected to. vCloud firewall has an any/any permit rule and Wireshark shows the traffic leaving the office network.
gskortz Asked:
noci (Software Engineer) Commented:
SMB is not exactly a protocol to expose (or want to expose) onto the internet....
so many firewalls block 445 on WAN boundaries.
0
gskortz (Author) Commented:
Comcast/Xfinity, our ISP, blocks port 445 both up and downstream. We are working with firewalls on both sides, so we are not exposing SMB to the "internet", just between our office and public VMs. Issue of security for the masses versus proper ability to manage. Thanks.
0
gskortz (Author) Commented:
Thanks, your comment led to checking for Comcast system-wide blocked ports.
0
noci (Software Engineer) Commented:
F.y.i. SMB has SO many attack vectors it is near IMPOSSIBLE to set up a secure SMB environment.
And if the SMB protocol is not vulnerable as such (did you verify that?) then the assumptions on which it is used are mostly flawed, as the usage was meant for restricted LAN environments, so all kinds of other tools & libraries are bordering the SMB service, causing other security holes.

So it isn't exactly "Security" for the masses that is the policy here. Remember the outbreak of NotPetya; that was related to SMB weaknesses.
Last week a biggie was fixed in the SMB protocol.
0
gskortz (Author) Commented:
Thanks for your input. I appreciate your comments; however, there are very specific protections in place, including input source and destination IP addresses for the 445 traffic. We understand how to provide alternative solutions, including an IPSEC vlan and potentially port forwarding. My job was to determine a list of alternatives, which would include reassignment of the SMB port if possible. Hence my question.
0
noci (Software Engineer) Commented:
OK, good luck.
0
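
The symptom in this thread (TCP 445 leaves the office but never reaches the VM, which turned out to be the ISP blocking 445) can be narrowed down from the client by comparing a connect to 445 with a connect to a control port on the same VM. The Python sketch below is an added example, not code from the thread; `probe_tcp`, `interpret`, the control port 3389 and the placeholder address 203.0.113.10 are assumptions.

```python
import errno
import socket
import sys

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect: 'open', 'refused' (RST came back),
    'filtered' (no answer before the timeout) or 'unreachable' (ICMP error)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()

def interpret(smb_state, control_state):
    """Combine the 445 result with the control-port result."""
    if smb_state == "open":
        return "smb-reachable"
    if smb_state == "refused":
        # An RST means packets got to the VM or to a rejecting firewall.
        return "reaches-host"
    if smb_state == "filtered" and control_state in ("open", "refused"):
        # The VM answers on another port but 445 is silently dropped:
        # either an upstream filter (ISP, edge device) or a host firewall
        # in drop mode. A capture on the VM side tells the two apart.
        return "445-dropped-selectively"
    return "inconclusive"  # nothing answers; cannot single out 445

if __name__ == "__main__":
    # 203.0.113.10 is a documentation placeholder, not a host from the thread.
    host = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    smb = probe_tcp(host, 445)
    control = probe_tcp(host, 3389)  # assumed control port (RDP)
    print(host, "445:", smb, "control:", control, "->", interpret(smb, control))
```

Running the same probe from a network that does not sit behind the suspected filter, and getting a different result for 445, points at the path rather than the VM.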
Question has a verified solution.