Software Firewalls Help

I have a Windows Adv Firewall GPO with several rules that have several IP subnets in each rule. We are moving to a new building, and the subnets are changing. So I have a lot of subnets to add/remove for a bunch of rules. Is there an easy way to make bulk changes to the scope of a firewall GPO from the command line? I found one example where someone used an answer file. But the example lacked so many details, I couldn't quite determine how to use it to make "scope" changes.

I would really like to avoid clicking through all the subnet add/delete's.

We are mostly Windows 7 with a growing Windows 10 user base. Our DC's are W2K12 R2.

Any and all advice is greatly appreciated!!

7 Comments

Introduction to Web Design

LVL 13

Develop a strong foundation and understanding of web design by learning HTML, CSS, and additional tools to help you develop your own website.

I want to restrict internet access on my Citrix servers, and only allow them to access a few specific sites. Back in the day, I used Microsoft ISA server for this, and it worked really well. It gave a robust set of hierarchical rules which allowed to set access exactly how I wanted it.

However, ISA server has gone away with Forefront taking it's place. I really don't want to do Forefront.

Is there anyone proxy product out there that does what ISA server did? Most proxy products I've found have extremely limited rules based access.

2 Comments

Securing Nas drives behind an internal software based firewall

I have a couple of Nas drives that are wide open for everyone on the network to see

I am wondering if I could have Pc's with two NIC's

One going to normal network and one going to a switch which I would then connect the NAS drives too as well

At least that way I could monitor the firewall

Or is there another solution?
Anwsers on a postcard

Ian.

9 Comments

Good Morning,

So I've been tasking with closing certain ports on some computers at the moment I am playing with a Test Computer via Windows Firewall implementing locally and via GPO

So for example I want to try and block port 445 for example by default and then only allow certain IP addresses to connect to that port.

I know I can block the port via Windows Firewall and run Netstat -NA to see if the port is listening

If it also possible to telnet to open port to test is they are open? If so how would I know if it was connected or blocked.

If there a way to turn on Windows Firewall Logging on a local computer without going via GPO

Thank in advance

2 Comments

After a nasty Trojan virus, we have implemented windows firewall SMB block rules on our client computers to block incoming SMB. This allows us to protect computers on the same network from a lot of malware file dropping.

We are also implementing a new Patch Manager that uses WSUS as an intermediary. This mechanism requires SMB and WMI. So, with Group Policy I tried to put in an exception in the rules using an allow if secure, then putting in the computers that need access. I found out that if there are local rules that allow SMB and they are merged, it will allow anything through. I also went the route of setting up a machine (windows 10) firewall manually, then exporting all the firewall rules with an exception (defined in remote computer scope), then denying local firewall rules and local security connections through the GPO. This, initially, I thought worked. However, when testing the same GPO on a windows 7 machine, it did not clear out the local firewall rules.

Is there something different I need to do for windows 7 firewall, or is there another route we should take? Right now our LAN to LAN segments are protected with firewall, but clients on the same segment are vulnerable to each other unless I do a block rule (which takes precedent over any allow rule).

12 Comments

I have Snort installed on a pfSense box and it is blocking access to startribune.com. When I do a ping of startribune.com I am getting 52.44.42.61, which does not appear in the logs that I have looked at. Does anyone have any ideas why I wouldn't be able to get there if that IP is not blocked?

3 Comments

Client has brand new Win 10 Pro with Windows Defender...
He cannot access a certain website...
www.commonsku.com is providing an online training video...

Clicking on the video takes you to www.useloom.com...and Defender goes crazy...red page..."infected website"...email to tech at commonsku.com says we need to whitelist
useloom.com...

Got the IP addys...edited hosts file...no joy...
Tried to go into Defender but cannot figure out how to allow a website thru Defender...

Go to New Rule...nothing there that would apply to a website...Programs...Ports...etc...no HTTP://...

Need a little help...can't be hard....I'm just not seeing it...

thanks

6 Comments

Hi,

I am trying to build cluster for two NGFW 4110. Any document that can help me to do that?

Thanks

1 Comment

what is the difference between state full inspection and deep packet inspection ?

thanks !!!

3 Comments

How do I set up an exception in Avast AVG Business so as to allow an FTP server to connect to a folder on my computer? I have a Canon WFT wireless transmitter that connects to an FTP server on my computer. When I disable the AVG protection, the files are transmitted normally, but blocked otherwise. How do I set up an exception to allow the files to go through.

9 Comments

OWASP: Threats Fundamentals

LVL 13

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

I have 2 offices next to each other, however each office has its own firewall (different manufactures).

Office A needs to communicate with Office B with one computer. In office A I have one computer with 2 NIC cards, one configured with the 0.1 network and the other with 1.1 network.

I have a physical connection going from Office B (Sonicwall) to the second NIC card in the PC in Office A.

When I go to office B I can ping office A, but when I go to office A and try to ping office B, I don't get a response.

The PC in office A is running Windows 10 Pro

Question, can this set-up work with 2 NIC cards in one PC to create the connection across the two networks?

I have tried creating routing rules in the firewall, but no success so far. I can only ping from office B, but not the other way around.

Thanks in advance
existing-connections.pdf

11 Comments

LVL 1

Question by

Lufaa

2019-01-09Solved

VPN software on a server

Hi all,

I'm looking for "firewall" software which I can install on my Windows 2008 server so clients can securily connect to this server.
Is this possible and which is a trustworthy vendor for this. I know I can also use the built-in but more and more systems like Apple do not really support it anymore and because this server is behind a shared connection a hardware firewall is not possible.

Thanks for your advice in this matter.

Best regards

11 Comments

LVL 1

Question by

Teavana

2018-12-26Solved

akamai.net Traffic

Hi Experts,

I have been noticing some my endpoint computers going to this site akamai.net. I am not sure why or what application/s are generating this traffic.

Have you seen this in your environments and should I blocked this site ?

Software Firewalls

4 Comments

Windows 10 Version 1809 Build 17763.107
Windows Defender Security Center says:
"Windows defender firewall is using settings that may make your device unsafe"

I reset the firewall and it seemed to work in fixing this.,
Then I applied our standard script which adds firewall settings.
Now the message is back.
But how to find the problem?

7 Comments

We have an internal program that uses a public certificate for security. We need to lock down the application on devices so they do not have any access outside of the program (client connects to a server using several ports) and Logmein (for remote support).

I am using the Windows Firewall to block outbound traffic except for traffic we will allow for the program. The problem I am having is that the application will not run because the public certificate will not verify the certificate chain (for security on the user login). I have tried to turn off settings for revocation in Internet Options, but that is not what the problem is. It seems the app needs access to the internet to verify the certificate. So in Windows Firewall, I need to know what exactly do I need to open outbound?

2 Comments

so all of a sudden some emails stop flowing and my connector is not validating, been setup for years and we did not change any server or network settings

i have Office 365 and a hybrid server - exchange 2010

the emails that are failing are coming from my mercury server and flows thru my exchange to office 365. i have contacted microsoft support but they are saying its an internal issue.

6 Comments

Hi

I have a remote worker that needs access to my server for development processes.

They only have a dynamic ip address and using a VPN isnt very practical in this paticular situation.

Am i able to use iptables to open up a port to just their ddns.org fqdn?

thanks

4 Comments

Description of problem:
I have this a text file

# Generated by iptables-save v1.4.21 on Fri May 11 16:48:14 2018
*nat
:PREROUTING ACCEPT [104870:20593583]
:INPUT ACCEPT [116564:21221907]
:OUTPUT ACCEPT [17993376:1098269263]
:POSTROUTING ACCEPT [17993377:1098269323]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 4443
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 4443
COMMIT
# Completed on Fri May 11 16:48:14 2018
# Generated by iptables-save v1.4.21 on Fri May 11 16:48:14 2018
*filter
:INPUT ACCEPT [104255:21990084]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [116465543:24365206954]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8443 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8081 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -p tcp -m tcp --dport 4443 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 8081 -j ACCEPT
COMMIT
# Completed on Fri May 11 16:48:14 2018

Open in new window

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Place the File in a Tmp directory as iptables-export-ref2.txt
2.Run the Command: sudo iptables-restore -t < /tmp/iptables-export-ref2.txt
3. Error: Iptables-restore v1.4.21: iptables-restore: unable to initialize table 'nat

Actual results:
It gives error : iptables-restore v1.4.21: iptables-restore: unable to initialize table 'nat

Expected results:

Additional info:
I am not sure what is missing here and what needs to be done to get this implemented.

8 Comments

Windows Server 2008 Firewall

I'd like to restrict Remote Desktop access to the server to just one external IP, and one LAN IP.

Have created an inbound rule for the RD port.

If I enter the external IP in the rule scope options and leave local IP as any, then only the external IP connects but no local IPs
can connect. If I enter the local IP specifically then it blocks access from the external IP even though its specifiied.

It appears I can do one or the other only in the rule.

How do I configure the firewall to allow RD access from one specific internal IP and one specific external IP only ?

Thank you

3 Comments

OWASP Proactive Controls

LVL 13

Learn the most important control and control categories that every architect and developer should include in their projects.

LVL 7

Question by

gudii9

2018-11-12Solved

mpg to mp4

hi i have 13 hour .mpg video file which i am trying to play in my phone which is not working

how to conver tthat to say mp4 which easily play in my anroid phone.
i am using mx player to play videos on phone

any free good tool for this conversion

please advise

6 Comments

We have a user with a HP Officejet 6830 that we are trying to setup with HP EConnected/EPrint (print over Internet). Everything goes smoothly throughout the setup, however, upon adding the printer the dot is orange not green on the HP EConnected site. However, in checking the printer locally he have a green check mark for EPrinting.

The user has a basic home network with a AT&T UVerse (not sure of the exact manufacturer). Do you need to open up certain ports for EPrint to work on one of these routers? (In the past wet set one up on a home network with a Negear router and it was plug and play--green dot next to printer not orange.

1 Comment

Looking to find software that we can install on a certain couple of users PC's that will send their manager a log of what websites she is visiting, times and how long?

Don't want to spend 1000 dollars, just something basic.

5 Comments

I am doing my first sbs 2011 Standard to office 365 hosted exchange migration.

I am using migration wiz and 4 of 5 mailboxes failed. one talked of actively refiusing the connection.

It reminded me - there's a watchguard firewall at the sbs 2011 location. I remember once someone else having a problem with too much data going to /. from 1 place that the watchguard shut it off - there's a setting to limit amount of data to / from 1 external location that was on by default.

Anyone know where that is? Could that be why they are failing the migration?

can you tell me where to look to disable that if it's on. and maybe where to look to see if that feature was activatted in the last 48 hours?

THANKS!

8 Comments

I have a PowerShell script that runs a number of commands that look like this (with various names involved):

Set-NetFirewallRule -DisplayName "Remote Event Log Management (RPC)" -RemoteAddress 10.10.2.0/24,LocalSubnet -Profile Private -Enabled True

Open in new window

One problem with this is that it creates duplicate firewall rules. So, if we run the script twice then we are assured of getting at least 2 identical rules.
(It's easier to run the script than to decide whether to run it!).

So, I have two objectives that I've not been able to reasonably figure out on my own:

1) I want to remove the duplicate firewall rules that this process has created.
2) I want to add the same firewall rules to computers that have no duplicates, without creating duplicates once more.
3) I want all of this wrapped up into two scripts.

How might you suggest this be done?

11 Comments

The scenario: Windows server behind a firewall (pFsense) is initiating an FTP connection to an external service. The external service is stating the firewall is passing the internal IP address to their FTP server in the connection setup.

I've reviewed the firewall settings and don't see how the firewall could be doing this. I don't have access to the windows server or the software initiating the connection to review them.

Any suggestions on where to look?

Thanks

6 Comments

Software Firewalls

Related Topics

Software Firewalls

Related Topics