Software Firewalls
Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Inherited SonicWall TZ100
Need to add an external IP address for remote access to internal cameras, each with its own separate internal IP address.
We have the external block ready; need help setting up the external IP on the firewall.
Are there any alternatives to the above groups? It seems like the "big brand name" groups are either dead or dying. Also, it seems like all the online user groups/forums that are very topic-specific are winning.

I need to:
- connect to a server via PowerShell (execute Invoke-Command and enter PSSessions)
- execute SQL queries to another server

Both work on one W10 PC, not on another.
Which ports on the firewall do I need to open
- for PowerShell
- for SQL queries?

Please advise
Here is the scenario:

We have 5 MPLS sites, all with the same carrier, and they each have a Windows DC (Hyper-V) at each location. 3 of the sites replicate properly back to our head office DC and to the other ones. 2 of them do not. When digging into the issue extensively, it is throwing DNS issue notices. So I have taken Wireshark captures on the two sites' interfaces and can see port 53 (DNS) traffic coming into the interfaces at both sites fine, but when I try to telnet to said DC (i.e. telnet 53) I can't. I have removed all antivirus software, turned off all software firewalls, and there is no firewall between sites, as they are via trusted interfaces between sites.

So my question is: how can I see DNS traffic coming into the interfaces on port 53, but not be able to telnet to that port, while on the other sites I can?

What am I missing here?

what's metadata.svc?

Hi there, I'm running a file report on Cisco Firepower services and I'm noticing a lot of metadata.svc between hosts. Is this something I should explore further?

Hi, I'm trying to get QuickBooks Enterprise running on a Server 2019, but the Database Server Manager reports an error with the Windows Firewall. I have added the ports to the allow list in the firewall, but it is still being blocked.

I opened 8019, 56728, 55378-55382 but no go. I also ran File Doctor, which usually finds the problem, but it didn't find anything.

Thanks all.
Dear Experts,
I am planning to buy a Raspberry Pi and turn it into a home firewall. Do you think this is a good idea, especially since I would also like to create a captive portal for Wi-Fi access, monitor network traffic, etc.?

If this works, what kind do you recommend, and what are the exact specs that I need?
Thank you
I have been contacted by our Wells Fargo bank rep and they told us a URL has changed and we are to add it to our firewall rules for continued access. I have a SonicWall appliance, so the first question I have is where can I find the model number? The interface recently changed and I used to be able to find it quickly. Second question: how do I add this URL to the firewall so it does not get blocked?
Our network team raised concern that the number of IP addresses to block (currently we create a group and add in IP addresses) coming from the cyber regulator may hog/slow down our Check Point 12600.

What's the rule of thumb for the max number of rules for the 12600? We estimated the number of IPs to block to reach 5000 per year.

There's currently 1 rule, i.e. "Deny Threat_intel_list All for all ports/protocol":
So with only 1 rule, does adding IPs to "Threat_intel_list" cause slowness, or will adding to the # of IPs in the list increase the latency (make it slower) as well?

Q3: *** this question is crucial ***
We plan to break down that single rule into multiple rules, i.e. 1 rule for 1 IP from Threat Intel to block, so that we can assess if there are hits and subsequently assess whether to remove rules that don't have hits after, say, 6 months, so as to reduce the # of rules and load on the firewall: is this a good practice in terms of making the firewall faster? In terms of cybersecurity, we were advised by one vendor that this is a safe practice, as IOCs that are 'dormant' ought to be removed, just like AV vendors remove signatures for viruses that have not been seen in the wild for quite a while to reduce the size/length of the AV signature file/DB.

To do a firewall rules review (i.e. remove rules, permit or block rules: permit as it means the endpoint device may have been decommissioned, and block if the IOC is not active), we reckon we review if there are hits. Heard …
Please see the attached (pardon my scratch!) PDF document of what I'm looking to do. The main reason for my decision to use pfSense is because my Meraki gear maxes out on the WAN side at 250 Mbps. I now have a 1 GB up/down and a 100/100 secondary circuit. I know that if I use GB cards on a pfSense system, I should get awfully close to 900 Mbps. Very new to pfSense, so the more help the better. :)
IMG_0001.pdf
Hi Experts,

I am having difficulty pushing out refreshed Group policies from Windows Server 2016 to Windows 10 clients.

They are all failing with "The remote procedure call was cancelled."

I have had some success turning off the firewall on one machine, and then it successfully pushed out, but obviously I don't want to turn off Windows Firewall.

I tried adding an inbound and an outbound rule on the firewall for port 135 TCP, but this doesn't work.

Can anyone please help by advising which firewall ports need to be open on the client PC for the group policy to get pushed out successfully?

Many thanks in advance.
Hi Experts

Could you point me to a way to check if a port is released in the Win 10 firewall?

I followed the steps to release port 7890 on Win 10, but after all that I don't know if the operation was successful.
Maybe not, since it looks blocked.

Thanks in advance.

I have a question. Can we manage a Firepower 4110 without using FMC (Firepower Management Center), or will I need to buy one?
Which appliance or virtual FMC do I need to buy? And is there any free license or not?

Thanks in advance
Port 25 is open but I've got the following. Any advice?
C:\Users\Administrator>telnet localhost 25
Connecting To localhost...Could not open connection to the host, on port 25: Connect failed

Please, do you have a method via GPO or registry key to allow the message (attached)?

Thx for your help.
Microsoft products not signing into the new network.

Hello all, we implemented a new network that is behind a firewall.
When I newly image a machine and try to open Outlook, it fails to connect. I tried OneDrive, same thing. Word and Excel can't activate.
If I connect to a different Wi-Fi (without the firewall and corporate connectivity), they all work fine. I activate, authenticate and configure all products fine.
I switch back to corporate, and they continue to work fine for hours or days, and suddenly the error happens again.
I have to switch to unprotected Wi-Fi, open the applications (or at least one of them) and get back to the corporate network, where all will work fine again for a while.

I am thinking of the following scenarios:

1- It could be one of the many firewall rules missing on the firewall that is used to authenticate or check the license of MS products.
2- I expected it could be outdated WLAN drivers; I updated those, but the problem continued.

Any ideas where I should start looking?
A client of mine has this issue when attempting to open up QB on the workstation: QB sees the file on the server but then pops up a message saying that it cannot communicate with it. I have uploaded a picture of the error. I tried to find the connection diagnostic tool that it is talking about, but it seems to be hidden. The instructions always say to download it from the "OEM" website, wherever that is. I couldn't seem to find it.
But for some reason QB sees the files on the server but cannot access them. A little help would be appreciated.
I've got Ubuntu 16.04 and OpenVPN installed and it seems to be working fine. But when I check firewall rules using "sudo ufw status", I see this:
Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
53                         ALLOW       Anywhere                  
465                        ALLOW       Anywhere                  
25                         ALLOW       Anywhere                  
110                        ALLOW       Anywhere                  
995                        ALLOW       Anywhere                  
143                        ALLOW       Anywhere                  
993                        ALLOW       Anywhere                  
10025                      ALLOW       Anywhere                  
10024                      ALLOW       Anywhere                  
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
53 (v6)                    ALLOW       Anywhere (v6)             
465 (v6)                   ALLOW       Anywhere (v6)             
25 (v6)                    ALLOW       Anywhere (v6)             
110 (v6)                   ALLOW       Anywhere (v6)             
995 (v6)                   ALLOW       Anywhere (v6)             
143 (v6)                   ALLOW       


I have a MikroTik 1036 and I configured a hotspot on it.
The MikroTik gateway is pfSense with Squid proxy for HTTP and HTTPS.
Now I can check the IP logging in access.log on Squid without any problem, but I want to make the log relate to the user who is authenticated on the MikroTik hotspot.
How can I do it?
Should I use a RADIUS server?
I would like to know if someone knows a firewall on which I can set an authentication page before hitting the target page. Let's say that I have my server's iDRAC page available on a public IP; I would like to know if there is a way to have the firewall authenticate access first and then forward the request to the Dell iDRAC web server, in order to add an additional layer of protection.
Hello Experts,

I am looking for a solution to meter Internet usage and bandwidth by user on a LAN.

In other words I would like to have the ability for a user on the LAN to (based on that user's account information):

1. Restrict bandwidth based on user settings.
2. Restrict total usage (time) using the internet based on user settings.
3. Be able to reset usage etc. based on user settings.
4. Logs/reports showing All User statistics while on the Internet.

Does anyone know how to do this?

I've been finding Windows 10 Firewall rule sets on some computers that look strange.  I have the need for:
- comparing rules for a "new" computer with a "golden standard".
- comparing a "golden standard" with the Default rules.
- bringing a "new" computer that deviates from the golden standard into the "same" configuration.

One problem that I can foresee is that the "new" computer may have application installs that changed the firewall rules, and I probably don't want to destroy those settings.
This argues that there is *no* golden standard set of rules.

Now, I can conjure up ways of doing this from scratch but wonder if someone knows of or has a process or some tool that has already dealt with issues like this?
No point in reinventing the wheel, eh?

I searched the web but seemed to only find firewall control sorts of programs, as distinct from firewall analysis and management at the text level.

I've thought about a process like this:
1) Set a "new" computer's firewall to Default
2) Run a script to add a standard set of rules or to modify the Default rules.
The first step is easy.
Coming up with the second step may be harder than simply looking at differences.

The only case in point that I can describe (and maybe this is the only thing I need to look at): all of the File and Printer Sharing rules for Profile: Domain were missing and need to be restored.
I think being able to do only this would be useful and I've done it by …

I have an industrial machine that needs to connect to an Access Point in order to download data through software designed by the manufacturer. I am thinking, instead of getting a physical Access Point (especially as the machine is working in a sever application), of using a Virtual Access Point on the laptop. I tried ICS "Mobile Hotspot", but this is not helpful because I need the machine to use /

Is there any free Virtual Access Point that can be downloaded and works with Windows, instead of using ICS or a physical AP? Or is there a way in Windows 10 to change the IP address and subnet mask for the clients?

Thank You
Hi EE,

I am in the process of locking down the connectivity of a Windows Server via the Windows Firewall. I have my inbound rules set up by and large; my question is how do I restrict the VPN / Remote Desktop Services on the server to only allow connections from specific IP ranges.

Attached is a snapshot of my current firewall configuration.

Using Windows Server 2016.

Any assistance is welcome.

Thank you.
Is there any possibility / way to configure the Win7 firewall (on users' PCs) such that it blocks users' access to the Internet (namely TCP 80 & 443) unless the user's VPN is connected or the user is connected to our corporate LAN/Wi-Fi? I.e. when the user is at home or connects to an outside Wi-Fi, the firewall rules will block the access (with only a single firewall rule that permits connection to our corporate VPN appliance).
