Software Firewalls





Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Share tech news, updates, or what's on your mind.

Sign up to Post

A client of mine has this issue when attempting to open up QB on the work station, QB Sees the file on the server but then pops up a message saying that it cannot communicate with it. I have uploaded a picture of the error.  I tried to find the connection diagnostic tool that it is talking about, but it seems to be hidden. The instructions always says to download it from the "OEM" website, where ever that is.  I couldn't seem to find it.  
But for some reason QB sees the files on the server, but cannot access them.  a little help would be appreciated.
Python 3 Fundamentals
LVL 13
Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

I've got Ubuntu 16.04 and OpenVPN installed and seems to be working fine. But when I check firewall rules using "sudo ufw status", then I see this:
Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
53                         ALLOW       Anywhere                  
465                        ALLOW       Anywhere                  
25                         ALLOW       Anywhere                  
110                        ALLOW       Anywhere                  
995                        ALLOW       Anywhere                  
143                        ALLOW       Anywhere                  
993                        ALLOW       Anywhere                  
10025                      ALLOW       Anywhere                  
10024                      ALLOW       Anywhere                  
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
53 (v6)                    ALLOW       Anywhere (v6)             
465 (v6)                   ALLOW       Anywhere (v6)             
25 (v6)                    ALLOW       Anywhere (v6)             
110 (v6)                   ALLOW       Anywhere (v6)             
995 (v6)                   ALLOW       Anywhere (v6)             
143 (v6)                   ALLOW       

Open in new window

I would like to know if someone knows a firewall that I can set an authentication page before hitting the target page, let's say that I have my server idrac page available on a public IP, I would like to know if there is a way to have the firewall to authenticate access first and then forward the request to the dell idrac web server in order to add an additional layer of protection.
Hello Experts,

I am looking for a solution to meter Internet usage and bandwidth by user on a LAN.

In other words I would like to have the ability for a user on the LAN to (based on that user's account information):

1. Restrict bandwidth based on user settings.
2. Restrict total usage (time) using the internet based on user settings.
3. Be able to reset usage etc. based on user settings.
4. Logs/reports showing All User statistics while on the Internet.

Does anyone know how to do this?


I have industrial machine needs to connect to an Access Point in order to download data through a software designed by the manufacturer, I am thinking instead of getting Physical Access Point "especially the machine is working in a sever application" to use Virtual Access point on the LAPTOP, tried ICS "Mobile Hotspot"  but this is not helpful because I need the machine to use /

Is there any Free Virtual Access Point can be download works with Windows instead of using ICS  instead of physical AP? or is there a way in Windows 10 to change IP address and subnet Mask for the clients ?

Thank You
Hi EE,

I am in the process locking down the connectivity of a Windows Server via the Windows Firewall. I have my inbound rules setup by in large, my question is how do I restrict the VPN / Remote Desktop Services on server only to allow connections from specific IP ranges.

Attached is snapshot of my current firewall configuration.

Using windows server 2016.

Any assistance is welcome.

Thank you.
Is there any possibility / way to configure Win7 firewall (on users' PCs)
such that it blocks users' access to Internet (namely Tcp80 & 443)
unless the user's VPN is connected or the user is connected to
our corporate LAN/Wifi?   Ie when user is at home or connects to
outside Wifi, the firewall rules will block the access (& only a single
firewall rule that permits connection to our corporate VPN appliance).
Officially my SonicWall Global Anti-Virus service blocks Macros VBA 5 and above.  I wanted to know if everyone here feels if this is sufficient protection from documents that have malicious macros or is it better to enable a GPO to disable Macros from the internet?

I am using FortiGate 100E firewall and firmware version is v5.4.4,build7650. I have registered IPS & Application Control service. Please refer to my attached JPG.

My question are:

1. How to know if I enable the IPS ? If I have not enable the IPS, how to enable the IPS?
2. How to enable Anti-spam service on this firewall?
3. What is sandbox service on firewall? I have enabled anti-virus function, but some people suggest me to enable sandbox function on firewall.

Best Regards,
In Azure I am creating a storage account, but need it to be accessible from our vNet's only.  During the Storage Account setup you can specify a vNet. The problem is we have two separate vNets in two different regions that needs access to this account. Instead of using vNet can we create a NSG for our Storage Account?
Introduction to Web Design
LVL 13
Introduction to Web Design

Develop a strong foundation and understanding of web design by learning HTML, CSS, and additional tools to help you develop your own website.

Dear Experts

We are replacing firewall to cisco ASA and planning to go for cisco AMP for endpoints, would like to understand if we go for AMP do we still need antivirus solution please suggest, thanks.
Just wondering if there is a way to not redirect away certain hosts/subnets and redirect the rest of the internet traffic using policy based routing on a Dell switch.  This post has a similar issue but not sure what the solution might be (or if there is anyway):

Thank you in advance!
Will the following URL going through proxy appliance need port 19443 open on our firewall or https port:-
How can I configure windows Xp firewall to block all multicast traffic 224.*.*.* inbound and outbound ?
The windows firewall requires specifying a por ( not a port range)
Hi Experts,

Could anyone please explain to me the different options and items from

as well, the difference between software and hardware firewalls.

Thanks so much.
Hi there experts,

So im looking into webcontent filter and app monitoring. Since we have a Cisco  ASA i figure cisco Firepower services would be the a good choice and it offers IPS, Apps, AMP, and URL. We're also in the process of renewing our contract with the endpoint provider so this may be an opportunity to implement AMP.

My question is, is Cisco firepower an industry leader for endpoint protection and web web content filtering? I know there are many security companies out there with amazing products but having them under one umbrella would make life easier.

What has your experience been with Cisco firepower? good or bad..


If I'm in a Window 2008 or 2012 servers and I want to proof that some ports like Tcp 80, 443, 339 for example are opened not blocked by firewall how I can do that? Some time port are opened but there is just nothing listening, I mean there is no application installed which can respond.

Is there cmd or tool that just show what are opened?

Does anyone know the cause of the high kernel CPU usage on the CheckPoint firewall?  It seems to be happening on the active firewall, even after failover.  Nothing seems to be there on the arp table.

FW-1: [cul_load_freeze][CUL - Cluster] Setting CUL FREEZE_ON, high kernel CPU usage (XX%) on local Member 0, threshold = XX%
I have a FortiWiFi30E working at a given location. It has a static IP from the ISP on the public facing side and a private 192.168.x.x address on the private side. I've copied the configuration to another FortiWiFi30E (Box2). I need to log into the Box 2 in order to update the static IP for a different location. However, I can't log into Box 2. I'm connected from my laptop to port 1 on the 30E. Neither IP address will allow me to log into it.
Announcing the Winners!
LVL 13
Announcing the Winners!

The results are in for the 15th Annual Expert Awards! Congratulations to the winners, and thank you to everyone who participated in the nominations. We are so grateful for the valuable contributions experts make on a daily basis. Click to read more about this year’s recipients!

I need to setup a Site-to-Site VPN between a SmoothWall v3.1 and a SonicWall TZ.    I have tried to configure the connection on both ends but so far have been unable to get any kind of a connection between the two.  

I have played with the IKE and IPSEC proposals on the SonicWall but have not found a combination which works. I do not see anywhere I can set these on the SmoothWall  Has anyone managed to accomplish this?
I have a Windows Adv Firewall GPO with several rules that have several IP subnets in each rule.  We are moving to a new building, and the subnets are changing.  So I have a lot of subnets to add/remove for a bunch of rules.  Is there an easy way to make bulk changes to the scope of a firewall GPO from the command line?  I found one example where someone used an answer file. But the example lacked so many details, I couldn't quite determine how to use it to make "scope" changes.

I would really like to avoid clicking through all the subnet add/delete's.  

We are mostly Windows 7 with a growing Windows 10 user base.  Our DC's are W2K12 R2.

Any and all advice is greatly appreciated!!
I want to restrict internet access on my Citrix servers, and only allow them to access a few specific sites. Back in the day, I used Microsoft ISA server for this, and it worked really well. It gave a robust set of hierarchical rules which allowed to set access exactly how I wanted it.

However, ISA server has gone away with Forefront taking it's place. I really don't want to do Forefront.

Is there anyone proxy product out there that does what ISA server did? Most proxy products I've found have extremely limited rules based access.
Securing Nas drives behind an internal software based firewall

I have a couple of Nas drives that are wide open for everyone on the network to see

I am wondering if I could have Pc's with two NIC's

One going to normal network and one going to a switch which I would then connect the NAS drives too as well

At least that way I could monitor the firewall

Or is there another solution?
Anwsers on a postcard

Good Morning,

So I've been tasking with closing certain ports on some computers at the moment I am playing with a Test Computer via Windows Firewall implementing locally and via GPO

So for example I want to try and block port 445 for example by default and then only allow certain IP addresses to connect to that port.

I know I can block the port via Windows Firewall and run Netstat -NA to see if the port is listening

If it also possible to telnet to open port to test is they are open? If so how would I know if it was connected or blocked.

If there a way to turn on Windows Firewall Logging on a local computer without going via GPO

Thank in advance
After a nasty Trojan virus, we have implemented windows firewall SMB block rules on our client computers to block incoming SMB.   This allows us to protect computers on the same network from a lot of malware file dropping.

We are also implementing a new Patch Manager that uses WSUS as an intermediary.   This mechanism requires SMB and WMI.   So, with Group Policy I tried to put in an exception in the rules using an allow if secure, then putting in the computers that need access.  I found out that if there are local rules that allow SMB and they are merged, it will allow anything through.   I also went the route of setting up a machine (windows 10) firewall manually, then exporting all the firewall rules with an exception (defined in remote computer scope), then denying local firewall rules and local security connections through the GPO.   This, initially, I thought worked.   However, when testing the same GPO on a windows 7 machine, it did not clear out the local firewall rules.

Is there something different I need to do for windows 7 firewall, or is there another route we should take?   Right now our LAN to LAN segments are protected with firewall, but clients on the same segment are vulnerable to each other unless I do a block rule (which takes precedent over any allow rule).

Software Firewalls





Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Top Experts In
Software Firewalls