Re: SBS 2003 + Windows SP 2 Firewall

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi Shaun,

It doesn't only use port 8192, but also 8193 and 8194. You can add those
exceptions in the SBS Windows XP Firewall policy. If you don't have that
many clients, you can do it yourself on each client in the XP Firewall,
Exceptions, add.

--
Regards,

Marina Roos
Microsoft SBS-MVP
One of the Magical M&M's
www.smallbizserver.net
Take part in SBS forum:
http://www.smallbizserver.net/Default.aspx?tabid=53

"madmondeoman" <madmondeoman@xxxxxxxxxxxxxxxxxxxxxxxxx> schreef in bericht
news:3E1DC2C8-8252-4BA4-83BF-25BA3858E16A@xxxxxxxxxxxxxxxx
> I have had the following response from Sophos.
>
> The product communicates through standard Windows File and Print sharing
> ports for downlading updates (137 138 139 and/or 445).
>
> It also uses port 8192 for the communication with the console.
>
>
> How do I open the ports in group policy please.
>
> Thanks
>
> Shaun
>
> "Marina Roos [SBS-MVP]" wrote:
>
> > Hi Shaun,
> >
> > Don't disable the XP firewall. In stead, turn on the logging on those
XP's
> > and check the pfirewall.log to see which port it is using.
> >
> > --
> > Regards,
> >
> > Marina
> > Microsoft SBS-MVP
> > One of the Magical M&M's
> >
> > "madmondeoman" <madmondeoman@xxxxxxxxxxxxxxxxxxxxxxxxx> schreef in
bericht
> > news:2D39180C-2B3C-42C5-956F-63CB4AA8EA24@xxxxxxxxxxxxxxxx
> > > Hi MArina
> > >
> > > I checked with sophos and they said that it should just work, doing
loads
> > of
> > > updates on the server and then disabling the xp firewall from within
gruop
> > > policy works no problem, just seems a strange way of doing it??
> > >
> > > thanks
> > >
> > > shaun
> > >
> > > "Marina Roos [SBS-MVP]" wrote:
> > >
> > > > Hi Shaun,
> > > >
> > > > Did you open the proper ports in the XP firewall? You can open those
> > ports
> > > > with Group Policy as well. I don't know which ports the SBE version
> > wants
> > > > opened, but I surely wouldn't disable the XP firewall.
> > > >
> > > > --
> > > > Regards,
> > > >
> > > > Marina
> > > > Microsoft SBS-MVP
> > > > One of the Magical M&M's
> > > >
> > > > "madmondeoman" <madmondeoman@xxxxxxxxxxxxxxxxxxxxxxxxx> schreef in
> > bericht
> > > > news:751BFA2D-BE29-4165-B745-73503A275D9D@xxxxxxxxxxxxxxxx
> > > > > Hi Marina
> > > > >
> > > > > Thanks for the reply. I am using sophos small business edition
version
> > > > 1.1.
> > > > >
> > > > > Thanks
> > > > >
> > > > > Shaun
> > > > >
> > > > > "Marina Roos [SBS-MVP]" wrote:
> > > > >
> > > > > > Hi Shaun,
> > > > > >
> > > > > > This is weird as I don't see that on my networks with Sophos
> > antivirus.
> > > > > > Something else is going on here. Which Sophos version are you
using?
> > > > > >
> > > > > > --
> > > > > > Regards,
> > > > > >
> > > > > > Marina
> > > > > > Microsoft SBS-MVP
> > > > > > One of the Magical M&M's
> > > > > >
> > > > > > "madmondeoman" <madmondeoman@xxxxxxxxxxxxxxxxxxxxxxxxx> schreef
in
> > > > bericht
> > > > > > news:9FBF053E-B2D4-49F5-B817-CFE19B284336@xxxxxxxxxxxxxxxx
> > > > > > > I have various sites now with SBS 2003 and XP SP 2
workstations.
> > We
> > > > use
> > > > > > > Sophos anti virus. The comsole doesnt see the workstation now
and
> > its
> > > > down
> > > > > > to
> > > > > > > the firewall. I did manage to disable it on 1 site using group
> > policy
> > > > but
> > > > > > > cant rememebr where. If I go into any of the workstations the
> > firewall
> > > > is
> > > > > > all
> > > > > > > greyed out O cannot disable it from there. Has anyone else had
a
> > > > similar
> > > > > > > problem or any idea
> > > > > > >
> > > > > > > many thanks
> > > > > > >
> > > > > > > shaun
> > > > > >
> > > > > >
> > > > > >
> > > >
> > > >
> > > >
> >
> >
> >


.

Relevant Pages

  • Re: blocking chat and instant messaging?
    ... > chat and instant messaging be blocked. ... > application-layer firewall. ... You are correct that filtering packets on port number and IP address is ... Not all IM clients currently scan other well-known ports to attempt ...
    (comp.security.firewalls)
  • Re: windows firewall
    ... I think at this point, you might want to consider doing a network trace to ensure that it really is a port-blocking problem, that is, if you're SURE you set up the firewall exceptions correctly. ... Group Policy Management solutions at http://www.sdmsoftware.com ... that the clients are seeing the domain during their boot. ...
    (microsoft.public.windows.group_policy)
  • Re: Windows firewall on clients
    ... actually I was wanting to run Zonealarm on the clients as it is ... > you'll see the "Small Business Server Windows Firewall" policy. ... and the setting cant be modified locally. ...
    (microsoft.public.windows.server.sbs)
  • Re: [fw-wiz] httport 3snf
    ... > Having worked in the Firewall support role at several companies, ... I had my CIO approve my security policy. ... time educating him about Internet risk. ... There's also a very good "at what point is the firewall now useless" ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Security and Audit Policy
    ... Enabling firewall rules without a solid security policy and management ... nameserver (I don't like clients resolving directly in any circumstance.) ...
    (Firewall-Wizards)