[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Software Firewalls





Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have pfsense with multi networks
1 wan
2 lan
3 servers
both lan and servers allowed for internet
but lan to server allowed for specific ip and port
the lan can access to wan and that should be not.
what I have to enable internet for lan without access to servers ?
Check Out How Miercom Evaluates Wi-Fi Security!
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

Windows Server 2008 Firewall

I'd like to restrict Remote Desktop access to the server to just one external IP, and one LAN IP.

Have created an inbound rule for the RD port.

If I enter the external IP in the rule scope options and leave local IP as any, then only the external IP connects but no local IPs
can connect. If I enter the local IP specifically then it blocks access from the external IP even though its specifiied.

It appears I can do one or the other only in the rule.

How do I configure the firewall to allow RD access from one specific internal IP and one specific external IP only ?

Thank you
hi i have 13 hour .mpg video file which i am trying to play in my phone which is not working

how to conver tthat to say mp4 which easily play in my anroid phone.
i am using mx player to play videos on phone

any free good tool for this conversion

please advise
Hi all,
We have to configure both scope and protocols on Windows firewall for our failover clustering nodes.
There is some problems such as renewing clustering APIPA IP addresses.
How can we configure these IP addresses on firewall properly?
I've checked the below ranges of local IP addresses but nodes will be down after enabling firewall. We should keep block Inbound and Outbound on firewall.
Sharing any experiences is appreciated.

how to understand this error and resolve it correctly. tks

I like the Zonealarm "Extreme" Pro firewall. But I don't like its management options.

My biggest irritation is the difficulty in managing the program list. Mine regularly bloats to over 2000 programs. The vast majority of which are duplicates.
I can understand why that would happen if a program has changed but the vast majority of the time, they haven't so my first question is
1 Why do we get duplication when a program in the list hasn't changed?

Next, once a program has been authorised either manually or automatically, it often has its "outbound trusted" flag set true. There are almost no programs I want sending data outbound without asking my permission first. So I find I need to "correct" a few hundred of them. Unlike deleting programs, which can be done in bulk (select a bunch, then click "Remove" and they all go) the ONLY way to switch off that "outbound trusted" flag is one at a time. That's insane. so

2 anyone know a way to switch off (or on) such flags in bulk? and
3 is there a way to make the default flag "Ask"

Ideally there would be a file we could hack outside zonealarm with all these settings and use standard database commands (or even text "search and replace" commands) to do bulk editing but I appreciate that would break their security model so I don't expect anyone to come back with that option but something like that, within ZA, is desperately needed

Finally, we used to be able to disable things, like the tvdebug.log by rightclicking the …
We have installed a PBX on AWS and connected it to our on-prem Router via VPN.

My on-prem router is connected to the SIP provider via a physical connection with another on-prem MUX device (device given by sip provider).

All connections are working fine, EXCEPT, my SIP provider has a condition that all connections to their server must originate from a specific IP that they have assigned to us.

Since AWS machine is connected via VPN, all calls from PBX are picking up the IP of the AWS machine as "source IP".

For resolving this, i need to replace / masquerade / NAT / change the IPs of all connections from AWS machine's IP to SIP provider's assigned IP. Someone suggested i need NAT loopback/reflection for this. Someone also suggested packet forwarding. someone suggest IP masquerading.

Please guide how can this be done?

I am deploying pfSense firewall following the topology bellow:
My Network Topology : Router + pfSense + FW1 (Router connected to Internet) + Internet Service Provider + Internet WebsiteWhere FW1 is a router connected to Internet using a leased line connection, and pfSense firewall is located in a BACKBONE network, different as users networks.
I add too, that this is a new setup of this firewall, and connectivity in both sides is verified, i mean:
  • Connection to internet : i was able to download new package SQUID/SQUIDGard from Package Manager
  • Connection to the LAN : i can access firewall from  my pc, and i can see SQUID error message, when i try to open a website
The problem now, I want to grant PC IP address authorization to access Internet. I created a RULES for both HTTP and HTTPS protocols, but i still cannot access Internet.
And the firewall, says that i have not the right to do so.
I'd appreciate any help from you Experts.

TrendMicro IWSVA latest version.

Catergory filtering with HTTP works fine but not with HTTPS websites.

Any idea?

I have been using an Excel 2016 VBA program that uses XMLPRC to upload some documents to a website.
This program has been in use for a number of years now, but it has just started to fail on my Windows 10 machines.

I see some messages in the Security Event log saying that the The Windows Filtering Platform has blocked a packet. Event ID 5152
I have added Excel to the Firewall, but doesn't seem to change.
The Windows Filtering Platform has blocked a packet.

Application Information:
	Process ID:		0
	Application Name:	-

Network Information:
	Direction:		Inbound
	Source Address:
	Source Port:		443
	Destination Address:
	Destination Port:		54377
	Protocol:		6

Filter Information:
	Filter Run-Time ID:	103400
	Layer Name:		Transport
	Layer Run-Time ID:	13

Open in new window

Is there somewhere else I can find details, or how can I allow these through?
Angular Fundamentals
LVL 12
Angular Fundamentals

Learn the fundamentals of Angular 2, a JavaScript framework for developing dynamic single page applications.

is there any free open source gui for modsec managment and monitoring?
I looking for any free firewall software appliance. (Like the old version of sophos. The new version of Sophos provide only 30 days software appliance)
I don't know if there is any firewall which provide a software appliance free and without time restriction.
I want to change pfsense logo in the web gui
but I cant find the image file.
I am using the last version of it.
Problem with customers sending/receiving documents from server, running SolarwindServer har returned after Windows Update
After Windows Update port 22 i closed
If I stop the windows firewall, I still have the issue and according to traceng, port 22 is close even if firewall has been stopped
I only have a firewall setting for inbound port 22 (see attached files)

My hosting company solve the issue - they ask if there is an update avaiable for Solarwind SCP Server ver.
We have Migrated all the servers to a new domain.TMG  SERVER 2010 stop responding after joining to a new domain.in the event log following errors are logged

old domain was abc.gov.ca

new domain is xyz.gov.ca

1-the kerberos client received s krb_ap_err_modified error from the server dm-tmg01$.the target server name used was ldap/dm-tmg01.abc.gov.ca:2171.this indicate that the target server failed to decrypt the ticket provided by the client.

2-Windows Could not start the microsoft Forefront TMG Managed control Service On local Computer Error:1068

3-Windows Could not start the microsoft Forefront TMG job schedular Service On local Computer Error:1068

4-Windows Could not start the microsoft Forefront TMG Firewall Service On local Computer Error:1068
Dear Experts
We have hosted SugarCRM application on premise and for external users we have configured firewall that is hardware appliance fortigate 60C to function as SSL Web VPN where the users login to the firewall appliance portal and from here they access CRM application, they are able to login to the CRM through the  web VPN portal but the dashboard reports are not showing up, it shows blank dashboard but when we access directly to the CRM application we are able to see the dash board reports, please help me understand to where things are going wrong and how to fix it please.
VAPT Test from fortinet.  I tested using this http://metal.fortiguard.com/
Now I want to test from outside by typing public IP.
IS there anyone who can guide me?
I have run ubuntu 18.4 lts
I install suricata by flowing these step:
everything is fine but I didn't understand where I have to put this server
I have main getaway --- > lan

so it will be just for listening or can drop packets?
what is the best opensource firewall that can work with mikrotik for ips,ids,brute force, attack ?
also is there any free open source waf server ?
Build an E-Commerce Site with Angular 5
LVL 12
Build an E-Commerce Site with Angular 5

Learn how to build an E-Commerce site with Angular 5, a JavaScript framework used by developers to build web, desktop, and mobile applications.

I am trying to take backup of my ASA through tftp.

Command: ASA01/Hyb(config)# write net

Response: Building configuration...

                      INFO: Default tftp-server not set, using highest security interface Cryptochecksum: ******************************** !

%Error writing tftp:// //Test-561.tmp;int=inside (Timed out attempting to connect) [FAILED]

 Also after executing this command,  Test-561.tmp is created in TFTP directory but with size 0

TFTP server is installed in Linux, tftp is working fine as I am able to take backup of other ASA which is in the same network.

Your help will be appreciated.

Dilraj Kumar Paswan
We have cisco wireless controller 2500, there it will not support webfiltering. i just want to do web filtering for my office wifi.

so can i use any tool in dns server to block websites??

please suggest me some simple and open source tool

My goal is to be able to connect to private network located behind OpenVPN client ( via OpenVPN server WAN interface.
For example I want this forwarding: http://{Ubuntu WAN IP}:443 -->  http://{Private LAN IP behind OpenVPN client }:443
Please take a look at the attached screenshot.
-  Ubuntu VPS knows the route to private LAN subnet that is behind OpenVPN client ( and MikroTik router knows the route to OpenVPN subnet (
- I can connect to Ubuntu VPS via SSH and successfully ping MicroTik OpenVPN interface ( and also I can ping any host from MicroTik private LAN subnet that is behind OpenVPN client ( , needless to say the private LAN hosts that are behind OpenVPN client (from subnet) can easily ping Ubuntu OpenVPN interface ( too.
- Also any host from OpenVPN subnet ( if connected to OpenVPN server via OpenVPN client allows communication like http://{Ubuntu WAN IP}:443 --> http://{Private IP of OpenVPN client}:443 using UFW NAT rule.
When I’m trying http://{Ubuntu WAN IP}:443 --> http://{Private LAN IP behind OpenVPN client}:443 I have following behavior:
1)      Packets successfully arrive to host behind OpenVPN client (to any host from )
2)      But the host of this subnet can't route back this received public IP packet via OpenVPN tunnel, it replies using ISP WAN address.

I would very happy if someone is able to help me solve this …
Hello, Could you help with this issue ? i can't push a policy in checkpoint i have this error
eror database checkpoint
COuld you help me ?
Cannot access FTP Server (Win2016Std) from Internal.  (or from outside, when used with WordPress as a client)

FTP Server ( and IIS on same server behind firewall (TMG 2010). Configured publishing rule to forward External IP (X.X,X,X) to Internal (

All firewall rules are configured. Can connect from outside by FTP client (PASV) - no problems! Do not really need to connect from LAN, but


WORPRESS SITE requires FTP Server setup on WEB Server to upload Updates from WEB Site.

When I try to ftp from WordPress it sends internal IP of the WEB Site as a client IP ( not the Client IP of the Browser machine.
So, TMG does not allow internal to external loopback...

Any solution?
Website can't be reach internal network!

I have weird issue came up. we have company website that hosted on Godaddy.com and working. I can access from outside of my network and without our router/firewall. I used my laptop directly plug into ISP modem and can access the website fine.  I can ping by ip address of the site and name of the address.  I can ping www.website.com or website.com just fine.
I can nslookup from internal computer and came up with correct ip address. I cleared the cache on internal DNS server.  I tried turn off firewall (Cisco RV345P).
None of these working. Help!!!

Software Firewalls





Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.