Windows 7 Firewall - Inbound rule

I am using FileZilla FTP Server, I created (manually) my own inbound rule, but it didn't work, I mean I was not able to access the FTP Server. Then I ran the "Troubleshoot my network" assistant, and it created a new inbound rule in Windows
Firewall, this inbound rule worked perfectly, I was able to access the FTP Server.
Then, I modified the inbound rule created by me to exactly match the inbound rule created by the "Troubleshoot my network" assistant, but still the inbound rule created by me doesn't work.
My question is: Does the "Troubleshoot my network" assistant also modify or create other things? If so, what does it modify or create?
Thank you very much

Hi,
We might use the network troubleshooter event logs to take a look at this issue, more details, please check:
Use Network troubleshooter event logs to solve network problems
Best regards
Michael Shao
TechNet Community Support

Similar Messages

Is 'SQLCMD.EXE' the SQL Server 2008 executable to be added to a Firewall 'Inbound Rule' to allow remote access?

I would like to add a new Firewall 'Inbound Rule' to allow remote access by
SQL Server 2008.
SQL Server Management Studio shows two TCP/IP instances, both of which are Enabled.
One uses port 1433 and the other uses ‘TCP Dynamic Ports’.
In SQL Server, the server has ‘Allow remote connections to this server’ checked.
My Firewall allows port 1433 for the one TCP/IP instance.
Since the other instance is dynamic, I would like to add a new
Firewall 'Inbound Rule' to allow the SQL Server executable to run.
I’ve read that the SQL Server executable is commonly named SQLSERVR.EXE, but there is no such file on my laptop.
I’m assuming the executable that needs to be added to the Firewall 'Inbound Rule'
is SQLCMD.EXE (in the path C:\Program Files\Microsoft SQL Server\100\Tools\Binn).
Can anyone please confirm this? (I'm running Windows 7). Thanks.

Hi Bontrager,
Firstly, please run
Discovery Report to the detect the existing SQL Server 2008 instance. If SQL Server 2008 is installed properly on your machine, the sqlservr.exe should exists in C:\Program Files\Microsoft SQL Server\MSSQL10.<instance_name>\MSSQL\Binn.
Secondly, if SQL Server 2008 is configured to use dynamic port, it is difficult to configure the firewall to enable access to the correct port number because the port selected might change every time that the Database Engine is started.
Therefore, if a firewall is used, please reconfigure the SQL Server 2008 to use the static TCP port by using SQL Server 2008 Configuration Manager.
For more information, please review this
article. After that, you can add the port number in firewall inbound rule.
Thirdly, if you want to connect to SQL Server 2008 from outside the firewall by instance name, SQL Server Browser should be turned on and you'll have to allow the SQL Server Browser through the firewall, which is UDP port 1434.
Reference:
https://msdn.microsoft.com/en-us/library/cc646023.aspx
http://stackoverflow.com/questions/10539900/opening-ports-sql-server-instances
Thanks,
Lydia Zhang
Lydia Zhang
TechNet Community Support

Firewall Inbound Rules - Specific Users/Computers

Hello,
I am trying to configure Inbound Rules in a specific way and it's not quite giving me exactly what I want/expected it to do.
I have two inbound rules as follows:
RDP - Andy
Allow connection if secure
Computers - Andy-PC
Users - Andy
RDP - Steve
Allow connection if secure
Computers - Steve-PC
Users - Steve
Now what I expected to happen was that steve can only connect from steve-pc and andy can only connect from andy-pc, however it seems that steve or andy can connect from either PC. Ideally I only want a specific user to connect from a specific machine, not
from any machine which I have rules for (I will have several of these rules eventually). is this something Windows Firewall can do or am I asking too much?
Many thanks
Steve

Hi Steve,
I apologize for my mistakes.
According to this article below:
Firewall Rule Properties Page: Users Tab
http://technet.microsoft.com/en-us/library/dd759078.aspx
We can use
Exceptions section to identify user or group accounts that might be listed in
Authorized users, possibly because the user or group account is a member of a group, but whose
network traffic must be blocked by Windows Firewall.
You can try to add user accounts in the Exception section to see if this works. If this method is not working, try to check if there are any other rules which are overriding
the new rule.
In addition, based on my research, there is another way to achieve this through
User Rights assignment. By assigning the Deny log on through Remote Desktop Services user right on the local machine, you can deny all other users which you don’t want them to access this specific computer, only allow the one
user you prefer.
Since User Rights assignment is a
local security policy, we need to make sure that there is no other high level Group Policy like Domain Policy defined which can conflict with user rights, because once there are conflicts, higher level policies override lower ones.
Here are some articles below about User Rights:
Deny log on through Remote Desktop Services
http://technet.microsoft.com/en-us/library/dn221959.aspx
User Rights Assignment
http://technet.microsoft.com/en-us/library/dn221963.aspx
Best Regards,
Amy

Windows Firewall issue, Inbound rule opend all, still not the same as turning off

This is Windows Firewall issue on Windows 8.1 Pro.
Backup Exec server cannot expand a computer node in selection list. I drill down to Microsoft Windows Network/Domain/Computers, then when I tried to expand a Windows 8.1 Pro computer node, it hangs out.
I narrowed this problem to Windows firewall related issue on Windows 8.1 Pro computer.
When I turn off Windows Firewall on Domain profile, Backup Exec Selection expands the computer node of the Windows 8.1 Pro computer. So, I created an inbound rule opening all to BAckup Exec server as following, but it's still not the same as turning off
Windows firewall specifically on Windows 8.1 Pro computer;
Any Local IP address, Any Remote IP address, Any port, Any protocol, All Interface, All Programs and Services, All profiles(Domain, Private, Public)
And there are no rules blocking any which may override the above rule.
Ethernet on Windows 8.1 Pro computer shows profile is linked with Domain, but just to make it work, I selected all profiles.
Even though I opened all available in inbound rule, it's still not the same as turning off windows firewall. Why am I missing?

It looks as something related to RPC(UDP 135), but even when inbound rule is all open, why it matters? RPC seems working fine only when firewall is turned off on domain profile.
Protocol 17 is UDP
Port: 135
===============================
Event ID 5152
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID:
0
Application Name:
Network Information:
Direction:
Outbound
Source Address:
192.168.1.120
Source Port:
0
Destination Address:
192.168.1.11
Destination Port:
0
Protocol:
1
Filter Information:
Filter Run-Time ID:
245836
Layer Name:
ICMP Error
Layer Run-Time ID:
32
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID:
0
Application Name:
Network Information:
Direction:
Inbound
Source Address:
192.168.1.11
Source Port:
35341
Destination Address:
192.168.1.120
Destination Port:
135
Protocol:
17
Filter Information:
Filter Run-Time ID:
245834
Layer Name:
Transport
Layer Run-Time ID:
13

How to Create Windows Firewall Predefined rules using Powershell

Windows Firewall Predefined rules using Powershell
Following commands are working some time however sometimes it's giving errors. Any help would be appreciated
WORKING ==> Set-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Enabled True
Set-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Enabled True -Direction Inbound
NOT WORKING
PS C:\Windows\system32> Set-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Enabled True -Direction Outbound
Set-NetFirewallRule : One of the port keywords is invalid.
At line:1 char:1
+ Set-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Enabled True -Dire ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (MSFT_NetFirewal...ystemName = ""):root/standardcimv2/MSFT_NetFirewallRule) [Se
t-NetFirewallRule], CimException
+ FullyQualifiedErrorId : HRESULT 0x80070057,Set-NetFirewallRule
PS C:\Windows\system32> Set-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Enabled True -Direction Outbound
Set-NetFirewallRule : One of the port keywords is invalid.
At line:1 char:1
+ Set-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Enabled True -Dire ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (MSFT_NetFirewal...ystemName = ""):root/standardcimv2/MSFT_NetFirewallRule) [Se
t-NetFirewallRule], CimException
+ FullyQualifiedErrorId : HRESULT 0x80070057,Set-NetFirewallRule
Anoop C Nair (My Blog www.AnoopCNair.com)
- Twitter @anoopmannur -
FaceBook Forum For SCCM

The command:
Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Direction Outbound
produces the output:
Name : FPS-NB_Session-In-TCP
DisplayName : File and Printer Sharing (NB-Session-In)
Description : Inbound rule for File and Printer Sharing to allow NetBIOS Session Service connections. [TCP 139]
DisplayGroup : File and Printer Sharing
Group : @FirewallAPI.dll,-28502
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : FPS-NB_Session-Out-TCP
DisplayName : File and Printer Sharing (NB-Session-Out)
Description : Outbound rule for File and Printer Sharing to allow NetBIOS Session Service connections. [TCP 139]
DisplayGroup : File and Printer Sharing
Group : @FirewallAPI.dll,-28502
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : FPS-SMB-In-TCP
DisplayName : File and Printer Sharing (SMB-In)
Description : Inbound rule for File and Printer Sharing to allow Server Message Block transmission and reception via Named Pipes. [TCP 445]
DisplayGroup : File and Printer Sharing
Group : @FirewallAPI.dll,-28502
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : FPS-SMB-Out-TCP
DisplayName : File and Printer Sharing (SMB-Out)
Description : Outbound rule for File and Printer Sharing to allow Server Message Block transmission and reception via Named Pipes. [TCP 445]
DisplayGroup : File and Printer Sharing
Group : @FirewallAPI.dll,-28502
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : FPS-NB_Name-In-UDP
DisplayName : File and Printer Sharing (NB-Name-In)
Description : Inbound rule for File and Printer Sharing to allow NetBIOS Name Resolution. [UDP 137]
DisplayGroup : File and Printer Sharing
Group : @FirewallAPI.dll,-28502
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : FPS-NB_Name-Out-UDP
DisplayName : File and Printer Sharing (NB-Name-Out)
Description : Outbound rule for File and Printer Sharing to allow NetBIOS Name Resolution. [UDP 137]
DisplayGroup : File and Printer Sharing
Group : @FirewallAPI.dll,-28502
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : FPS-NB_Datagram-In-UDP
DisplayName : File and Printer Sharing (NB-Datagram-In)
Description : Inbound rule for File and Printer Sharing to allow NetBIOS Datagram transmission and reception. [UDP 138]
DisplayGroup : File and Printer Sharing
Group : @FirewallAPI.dll,-28502
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : FPS-NB_Datagram-Out-UDP
DisplayName : File and Printer Sharing (NB-Datagram-Out)
Description : Outbound rule for File and Printer Sharing to allow NetBIOS Datagram transmission and reception. [UDP 138]
DisplayGroup : File and Printer Sharing
Group : @FirewallAPI.dll,-28502
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : FPS-ICMP4-ERQ-In
DisplayName : File and Printer Sharing (Echo Request - ICMPv4-In)
Description : Echo Request messages are sent as ping requests to other nodes.
DisplayGroup : File and Printer Sharing
Group : @FirewallAPI.dll,-28502
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : FPS-ICMP4-ERQ-Out
DisplayName : File and Printer Sharing (Echo Request - ICMPv4-Out)
Description : Echo Request messages are sent as ping requests to other nodes.
DisplayGroup : File and Printer Sharing
Group : @FirewallAPI.dll,-28502
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : FPS-ICMP6-ERQ-In
DisplayName : File and Printer Sharing (Echo Request - ICMPv6-In)
Description : Echo Request messages are sent as ping requests to other nodes.
DisplayGroup : File and Printer Sharing
Group : @FirewallAPI.dll,-28502
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : FPS-ICMP6-ERQ-Out
DisplayName : File and Printer Sharing (Echo Request - ICMPv6-Out)
Description : Echo Request messages are sent as ping requests to other nodes.
DisplayGroup : File and Printer Sharing
Group : @FirewallAPI.dll,-28502
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : FPS-LLMNR-In-UDP
DisplayName : File and Printer Sharing (LLMNR-UDP-In)
Description : Inbound rule for File and Printer Sharing to allow Link Local Multicast Name Resolution. [UDP 5355]
DisplayGroup : File and Printer Sharing
Group : @FirewallAPI.dll,-28502
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : FPS-LLMNR-Out-UDP
DisplayName : File and Printer Sharing (LLMNR-UDP-Out)
Description : Outbound rule for File and Printer Sharing to allow Link Local Multicast Name Resolution. [UDP 5355]
DisplayGroup : File and Printer Sharing
Group : @FirewallAPI.dll,-28502
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
The command:
(Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Direction Outbound).DisplayName
shows the display names of the 14 outbound rules in the FPS group:
File and Printer Sharing (NB-Session-In)
File and Printer Sharing (NB-Session-Out)
File and Printer Sharing (SMB-In)
File and Printer Sharing (SMB-Out)
File and Printer Sharing (NB-Name-In)
File and Printer Sharing (NB-Name-Out)
File and Printer Sharing (NB-Datagram-In)
File and Printer Sharing (NB-Datagram-Out)
File and Printer Sharing (Echo Request - ICMPv4-In)
File and Printer Sharing (Echo Request - ICMPv4-Out)
File and Printer Sharing (Echo Request - ICMPv6-In)
File and Printer Sharing (Echo Request - ICMPv6-Out)
File and Printer Sharing (LLMNR-UDP-In)
File and Printer Sharing (LLMNR-UDP-Out)
If your output is different than this, it means rules have been removed (or added) to the File and Print Sharing group.
For example, if you run the command:
New-NetFirewallRule -DisplayName "My test rule 2" -group "File and Printer Sharing" -Enabled True -Protocol tcp -LocalPort 12346 -Direction Inbound
This adds a new inbound firewall rule to the FPS group. Output looks like:
Name : {06449724-944b-4048-834f-8870b9dce4f6}
DisplayName : My test rule 2
Description :
DisplayGroup : File and Printer Sharing
Group : File and Printer Sharing
Enabled : True
Profile : Any
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
This test rule is of course useless because there's no listener on TCP port 12346 on this particular machine..
The new rule can also be viewed in Windows Firewall with Advanced Security:
Now if you run the command:
(Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Direction Inbound).DisplayName
the output will look like:
File and Printer Sharing (Spooler Service - RPC)
File and Printer Sharing (Spooler Service - RPC-EPMAP)
My test rule 2
Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable)

How can I open my Windows 7 firewall just for FTP use?

I originally tried this question at the regular user forums, but after no success a Microsoft Support Engineer suggested I post here.
On my Mac, if I use FileZilla to connect to an FTP (not sFTP) server, it works fine.
However, in Windows 7 or Windows 8, if I use FileZilla or WinSCP to connect to the same server, when it gets to the point where it starts to list the remote directory I get an ECONNABORT error and get disconnected.
Here is a transcript from FileZilla:
Command:   USER douglerner
Response:   331 User name okay, need password.
Command:   PASS **********
Response:   230 User logged in, proceed.
Command:   SYST
Response:   215 UNIX Type: L8
Command:   FEAT
Response:   502 Command not implemented.
Status:   Server does not support non-ASCII characters.
Status:   Connected
Status:   Retrieving directory listing...
Command:   PWD
Response:   257 "/" is current directory.
Command:   TYPE I
Response:   200 Command okay.
Command:   PASV
Error:   Disconnected from server: ECONNABORTED - Connection aborted
Error:   Failed to retrieve directory listing
However, if I turn off the Windows firewall it works and I can use FileZilla and other FTP clients just fine.
My question is, rather than turning off the firewall altogether, how can I make an exception just for FTP, or just for FileZilla. I believe ports 20 and 21 are used depending on whether the connection is active or passive.
It isn't just me either. I was trying to help somebody else who is experiencing the exact same thing in his Windows 7. If he turns off the firewall completely FTP works. Otherwise it's the same error. He is on a different network altogether, in a different
country. Neither of us are behind proxy servers. In my case, it's just my home network.
I tried the following so far:
1. Make sure that FileZilla was listed as allowed in the firewall control panel. It was by default, so that didn't help.
2. Creating an "inbound rule" in the advanced settings for ports 20-21. That didn't help either.
Just completely turning off the firewall lets it work.
Any suggestions?
Thanks,
Doug

Hi doug,
What is your current situation? Have you solved this issue?
Here I list the several solution:
Use the network monitor the capture package related to FTP as arnavsharma mentioned.
Take a look at the article as Sebastian and Sameer Gawde mentioned.
http://technet.microsoft.com/en-US/en-en/library/dd421710%28v=ws.10%29.aspx#bkmk_1
Best regards,
Fangzhou CHEN
Fangzhou CHEN
TechNet Community Support

Can't get windows 7 firewall to allow transfer of dicom images

I work in a hospital where I have to send images from a Linux server to a Windows 7 workstation. I use a software program called K PACS on the windows workstation to receive the images. I can't transfer images to K-PACS from the Linux computer
unless the windows 7 firewall is turned off. According to the inbound and outbound rules of the windows 7 firewall KPACS communication is allowed. The communication is supposed to occur on port 104 so I made sure that communication on port 104
was allowed but that didn't help. It only works when windows 7 firewall is off. Does anyone have any suggestions?

Hi Gamaliel Isaac,
Sometimes the communication is supposed to occur on port 104 by default, but it will be changed if the port is occupied by another service. And workstation might use different port or several ports for communication. The best way for troubleshoot this kind
of issues is packet capture.
Please download Microsoft Network Monitor and run it on your workstation and server. Try finding out the Ports needed. Then modify your Windows firewall police.
For more information about Microsoft Network Monitor:
https://support.microsoft.com/kb/933741?wa=wsignin1.0
You could download from:
http://www.microsoft.com/en-us/download/details.aspx?id=4865
Regards

WINDOWS NT 와 FIREWALL 관련

제품 : SQL*NET
작성날짜 : 1998-11-26
WINDOWS NT 와 FIREWALL 관련
===========================
(일반적으로 SQL*NET listener 가 1521 Port 를 사용한다고 가정)
Windows NT 에서 Firewall 이 설치된 경우 1521 Port 를 열어주었다고
하더라도 클라이언트에서 접속시 ORA-12203 error 가 발생하게 된다.
이유는 아래의 그림과 같다.
1. 클라이언트가 접속 시도를 한다.
2. Listener 가 Redirect connect 를 하도록 한다.
이때 주어지는 포트는 사용하지 않는 Random Port 이다.
3. 클라이언트에서 재접속을 한다. (이때 사용하는 port 가 문제가 된다)
그림을 잘 맞춰주세요.
------ <-------2-----2---- ---------
|client| |listener |(port=1521)
------ --------1-----1----> ---------
|
----------3-----3------> ---------
| oracle |(port=xxxx)
해결방법은 두가지가 있다.
1. SQLNet proxy 가 포함된(Build into) Firewall 을 사용하는 것이다.
먼저 SQLNet proxy 가 Listener 와 다른 포트를 이용해서 기동되어야 한다.
(보통 1610 을 사용)
아래 그림과 같이 접속이 가능하게 된다.
firewall
||
------ <----2--------||-----2------ ---------
|client| || |listener |(port=1521)
------ ----1------> proxy --1------>---------
A ＼ /||\
| -----3-------/ || \---3------>---------
| || | oracle |(port=xxxx)
----------4---------||-----4----------------+
2. 8.0.X 버전에서 지원되는 기능을 사용한다.
레지스트리에 있는 USE_SHARED_SOCKET 이란 parameter 를 사용한다.
Firewall 의 종류에 전혀 구애받지 않는다.
Listener Port 만 열어주면 된다.
Parameterm 의 Syntax 는
USE_SHARED_SOCKET=TRUE
이다.
레지스트리에 각 DB version에 따라 아래와 같이 존재한다.
\\HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE (Relases 8.0)
\\HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\HOME<#> (Release 8i )
이 파라미터의 기능은 1521 Port 만을 사용하는 것이다.
현재 session들이 살아있는 상태에서 listener가 stop 될 수는 있지만
다시 start되기 위해서는 현 session들을 모두 닫아야 한다.

Hi,
How have you configured Windows Firewall rules on the Server?
Would you please post out the log which indicates that the traffic was blocked?
Best Regards,
Amy

Windows 7 firewall blocking airplay after allowing

Hi guys and gals,
Windows 7 firewall is blocking airplay from my PC (iTunes) to my Apple TV and also stopping me using my iPhone (remote) to control iTunes.
If I turn the firewall off all is well with the world but once I reinstate it everything stops working again.
I've set up incoming and outgoing rules for iTunes and ports TCP 3689 and UDP 5353 as per guides on these forums, i've also selected iTunes in the 'allow a program...' list.
Everything is running the latest version, I've reset and updated Apple TV and re installed iTunes.
Help me please as its driving me mad!

Hmm, not sure I completely understand now. What exactly simultaneously should mean in this context? The thing is that it seems there's no chance in getting the connection to work when I first turn on the client on my Windows computer. The other way (starting on my Linux computer) it works just fine, and I am able to connect from my Windows to my Linux anytime.
Also I'm not sure that this is the problem, cause it seems that same problem apply to connection to other computers as well (however this impression is based on a testing with just a very few tries, so I'll try to test it more soon).
Thanks for the explaining anyway!

Upload Ftp commands in C# program are blocked by Windows 7 firewall

Hello everybody,
I have developped a C# application which launches a Ftp command file.
But I cannot upload the files.
When I run the Ftp command file manually, it works.
And when I disable the Windows 7 firewall for domain, the C# application works.
Here is the Ftp command file :
OPEN 100.100.100.100
user usr_essai
pwd_essai
binary
cd dir_essai
mput "C:\Essai_Ftp\*.doc"
quit
And here is the Ftp log file when I try to run the C# application :
ftp> Connecté à 100.100.100.100
OPEN 100.100.100.100
220 ESSAI1
ftp> user usr_essai
331 User usr_essai, password please
230 Password Ok, User logged in
ftp> binary
200 Type Binary
ftp> cd dir_essai
250 Change directory ok
ftp> ftp>
mput "C:\Essai_Ftp\*.doc"
200 Port command received
425 Unable to open the data connection
200 Port command received
425 Unable to open the data connection
200 Port command received
425 Unable to open the data connection
200 Port command received
425 Unable to open the data connection
ftp> ftp>
quit
221
I have tried to exclude some programs from the firewall.
I have created out going rules for excluding "ftp" and "w3wp.exe" in the firewall.
But none of these actions have made the C# application to work.
Do you have an idea ?
Thank you very much in advance.
Laurent.

Hi,
This issue is more related with Visual C#, you could post in that forum:
http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=csharpgeneral
The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
Karen Hu
TechNet Community Support

Oracle12c SQL*NET blocked by Windows 2008 firewall - what is the correct solution?

Hello,
I have a question with regards to the SQL*NET traffic being blocked by the Windows 2008 firewall. This document shows that disabling the firewall can resolve the problem:
https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=166773506396122&id=1472931.1&displayIndex=13&_afrWindowMode=0&_adf.ctrl-state=o4dq0hlih_112
Is this really the solution?
From what I understand from other documents is that just enabling port 1521 will not resolve any issues, as SQL*NET can use redirection to other random ports. That is probably the reason why the Oracle installation does not alter any firewall settings.
What other methods do people use to connect a client to a DB server?
This document shows what other methods to use, but who uses them?
https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=166043735580557&id=68652.1&_afrWindowMode=0&_adf.ctrl-state=o4dq0hlih_78
Does anyone use the Oracle Connection Manager for example?
Thanks
Richard

I configure firewall to allow DB Server to start new network connections

Question: Inbound Rules on Secondary EthIF

Good Morning,
Please note the following:
- Trying eliminate my FW as the issue for inbound connectivity issues on FIOS line
Here is the scenario:
- Ethif_0 = (Primary ISP)
- Ethif_3 = (Secondary ISP)
- All intitial inbound static NAT statements (public to pvt IP) are setup on Eth_0 (see below example):
   Primary ISP ACL and NAT statement --> on Ethif_0
   a) access-list outside_acl extended permit tcp any host 72.x.x.10_ext eq www (primary ISP IP's)
   b) static (inside,outside) tcp 72.x.x.10_ext www int_hostname www netmask 255.255.255.255
   Secondary ISP ACL and NAT statement --> on Ethif_3
   a) access-list FIOS_access_in extended permit tcp any host 72.x.x.100_ext eq 80 (Secondary ISP IP's)
   b) static (inside,outside) 72.x.x.100_ext int_hostname netmask 255.255.255.255
Question:
1. Does the secondary statement looks right?
2. Why if I am trying to connect to Secondary ISP IP, it does not register at the FW ( /28 IP subnetted)
3. Also and lastly VZ FioS line only seems to allow the first usable IP to be accessible or pinged (which is the ASA), but every IP after that seem to stop at a device somewhere in Chicago and I am in NY (see traceroute below):
1
26
0
0
     8.9.232.73
xe-5-3-0.edge3.dallas1.level3.net
2
0
0
0
     4.69.145.76
ae-2-70.edge2.dallas3.level3.net
3
0
0
0
     4.68.62.34
mci-level3-ae.dallas3.level3.net
4
25
22
22
     130.81.17.62
xe-2-0-3-0.chi01-bb-rtr1.verizon-gni.net
5
Timed out
Timed out
Timed out
6
Timed out
Timed out
Timed out
7
Timed out
Timed out
Timed out
8
Timed out
Timed out
Timed out
Do you guys think that my issue is with Verizon (I pray its not) or do you think that its a configuration issue on my end. I am familiar with ASA but more familiar with Fortigate FW's.
Also, the goal and or the excercise is to move all inbound translations from Primary ISP IP's to Secondary ISP IP's.
Please let me know what you think as I have been losing sleep on this matter.
Thank you

So you say that on the Secondary ISP interface you can only see connections coming to the interface IP address of the ASA but no other Static NAT or Static PAT works on that interface?
Ans) Yes. No other Static mapping shows up in the logs
Have you tried changing the Secondary ISP interface to some other IP address from the same subnet and seen if it still works?
Ans) I have not, but all this would do is configure the Eth with IP does not really address why other IP are not being translated internally. Will try it though.
Have you by any chance configured "sysopt noproxyarp FIOS"?
Ans) I will look up this command, but how relative is this command. Never had to use it
If you have this could mean that the ASA wouldnt answer to the Secondary ISPs ARP request for any of other public IPs used in the Static NAT / Static PAT statements. The "FIOS" interface would still be working since its configured to an actual physical ASA interface. Or that is my understanding atleast.
Ans) Good point. Will check
I am kinda wondering the routing setup also. Mainly because you cant have 2 default routes active at the same time. But if the connections are iniatiated from the Internet through the different ISP, its my understanding that in this case the ASA should be able to forward the return traffic from your server through the correct ISP from where the initial connection came from. Again this is a situation which I dont run into in my job as we dont handle Dual ISP setups directly on an ASA.
Ans) The routing is very simple. 2 static routes with different AD's Primary out = Secondary = AD-1. Secondary out = AD-250. Inbound rules and destinations to internal resources are enabled for both ISP's and DNS records primarily point to Primary ISP's.
Basic setup but not very basic results.
Thank you

Shared Discovery - Windows 7 Firewall & Defence block Airtunes in iTunes 10

Just sharing my discovery today
When I updated to iTunes 10 a few days ago on a few Windows 7 x64 machines, my airport express speakers and appletv no longer listed in the speaker dropdown in itunes 10
Switched Windows 7 Firewall & Defence off and Comodo Internet Security Firewall & Defence+ on instead (in training mode) and they instantly all came back
Hope this helps someone out there

Thank you Steve for your comments
I have been participating in a bunch of threads on the same issue
You are pointing in the right direction, though I am behind a NAT'd modem router with its own defence, Windows ain't as simple as OS X! So I reluctantly use the security software to protect from my own mistakes with rogue sites or files
Here's yesterdays post elsewhere:
Re: Airport not showing up in iTunes 10
Posted: 15-Sep-2010 15:40 in response to: Gravii
Reply Email
iTunes 10 (Windows 7 x64) seems to have problems with remote/multiple speakers over network with airtunes/airplay (Airport Expresses & AppleTV).
I know its not the hardware, as my MacBook Pro on the same network with iTunes 10 works properly with airtunes/airplay to my two airport express speakers and appletv speakers.
Have done many tests with multiple Windows 7 machines (ethernet connected) with firewall/defense security settings off and full itunes and bonjour passthrough (mDNSResponder.exe).
Also when I go into iTunes 10 preferences and switch off and on "Look for remote speakers" the speakers drop down completely disappears never to be seen again on two separate machines (at home network and work network).
Have had very nice Airtunes/play/port Express and Apple TV speaker experience for some time with these machines before iTunes 10 - Hence I have 2 expresses and an appletv at work and an express at home for remote speaker system and windows 7, with my Macbook pro floating between the two locations
I am stumped
It feels like iTunes gives up on looking for remote speakers and changes a windows registry entry for the service to be permanently off (hence the total disappearance of the drop down remote speaker selector)
MacBook Pro (Late 2008) Unibody and Windows 7 Desktops Mac OS X (10.6.4) Occasionally use Bootcamped Windows Windows 7 x64 on Macbook Pro
Re: Airport not showing up in iTunes 10
Posted: 15-Sep-2010 20:54 in response to: markneal
Reply Email
Just got the functionality back by completely uninstalling Comodo Internet Security (Version 4.1.150349.920 and 5.0) and using Microsoft's own Security Essentials software for Windows 7 instead
MacBook Pro (Late 2008) Unibody and Windows 7 Desktops Mac OS X (10.6.4) Occasionally use Bootcamped Windows Windows 7 x64 on Macbook Pro

TA24260 How do I enable itunes in using windows 7 firewall?

trying to access Itunes store via Itunes. I have followed all the support directions about cleaning out dns, updating windows and reloading itunes but none have worked. the support site has directions on how to enable itunes using windows xp firewall but not for windows 7. just thought this maybe a possibility. I did run diagnostics in itunes and it is saying that the secure connection to itunes store failed. when I click on help next to it - nothing comes up. I have connection to the internet in all other sites. just trying anything I can.
thanks

Try this document instead:
iTunes 10 for Windows: Enable iTunes in the Windows Firewall

Windows 7 firewall problem

Hi,
I'm trying to develop a test application for P2P communication via Cirrus and came up to following problem with my Windows 7 firewall:
How is my app designed to work: The application generates key (initConnection) on one side, then I manually copy the key to the other machine and connect again. Init send stream and receive stream on both of them should make the communication available. Whole code is attached below, it's just some sample code I downloaded somewhere for testing purposes.
#edit: you can check working copy of the application here: http://peskovi.cz/p2ptest/P2Pplugin.html
My setup: I've got two computers in my local network (connected through cable to same switch), Windows and Linux. However it seems I'm having the same trouble connecting to distant computers as swell.
My problem: It seems that Windows 7 is partially blocking my connection. The thing is, when I init the connection on Windows and then copy the generated code to Linux and connects there, connection's not working at all. However, when I do it the other way (init on Linux and copy generated code to Windows), everything works just fine. Also, when I turn off firewall on my Windows it works fine both ways too. I have several reasons to believe there might be something wrong with my app:
1) The sample app on Adobe Labs (http://labs.adobe.com/technologies/cirrus/samples/) works just fine both ways.
2) RTMFP should be bidirectional protocol right? Doesn't make a lot of sense to me, why would I be able to connect to existing connection, but I wouldn't be able to start a new connection? That should pretty much use the same resources (ports), shouldn't it?
3) If this is just a common thing with Windows 7, it would mean Cirrus is pretty much unusable for me, but I haven't seen any posts about this anywhere, which is suspicious.
I'm new to AS/Cirrus/flash so there might be something really noobie I'm missing, so I'd be very glad if there would be someone wiling to help me with any hints why is it not working, what should I do, or just explain to me that I have to deal with the fact that it simply cannot be done and (mainly) why.
Thank you very much,
Jan
My application code:
<?xml version="1.0" encoding="utf-8"?>
<mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute">
    <mx:Script>
        <![CDATA[
            private const SERVER_ADDRESS:String = "rtmfp://p2p.rtmfp.net/";
            private const DEVELOPER_KEY:String = "key";
            private var nc:NetConnection;
            private var myPeerID:String;
            private var farPeerID:String;
            // streams
            private var sendStream:NetStream;
            private var recvStream:NetStream;
            private function initConnection():void{
                if(txtFingerprint.text){
                    farPeerID = txtFingerprint.text;
                nc = new NetConnection();
                nc.addEventListener(NetStatusEvent.NET_STATUS,ncStatus);
                nc.connect(SERVER_ADDRESS+DEVELOPER_KEY);
            private function ncStatus(event:NetStatusEvent):void{
                trace(event.info.code);
                myPeerID = nc.nearID;
                txtFingerprint.text = myPeerID;
            private function initSendStream():void{
                trace("initSendStream");
                sendStream = new NetStream(nc,NetStream.DIRECT_CONNECTIONS);
                sendStream.addEventListener(NetStatusEvent.NET_STATUS, netStatusHandler);
                sendStream.publish("media");
                var sendStreamClient:Object = new Object();
                sendStreamClient.onPeerConnect = function(callerns:NetStream):Boolean{
                    farPeerID = callerns.farID;
                    trace("onPeerConnect "+farPeerID);
                    return true;
                sendStream.client = sendStreamClient;
            private function initRecvStream():void{
                recvStream = new NetStream(nc,farPeerID);
                recvStream.addEventListener(NetStatusEvent.NET_STATUS,netStatusHandler);
                recvStream.play("media");
                recvStream.client = this;
            public function receiveSomeData(str:String):void{
                txtReceiveData.text = str;
            private function sendSomeData():void{
                sendStream.send("receiveSomeData",txtSendData.text);
            private function netStatusHandler(event:NetStatusEvent):void{
                trace(event.info.code);
        ]]>
    </mx:Script>
    <mx:TextInput x="10" y="10" width="391" id="txtFingerprint"/>
    <mx:Button x="409" y="10" label="Connect" click="initConnection()"/>
    <mx:TextInput x="10" y="40" id="txtSendData"/>
    <mx:TextInput x="10" y="70" id="txtReceiveData" width="251"/>
    <mx:Button x="178" y="40" label="Send data" click="sendSomeData()"/>
    <mx:Button x="10" y="100" label="initSendStream" click="initSendStream()"/>
    <mx:Button x="132" y="100" label="initReceiveStream" click="initRecvStream();"/>
    <mx:Text x="10" y="130" text="Hint: First running Flash app - click Connect to get Fingerprint PeerID. Copy and paste this PeerID to second running Flash app to the same field and click Connect. Then initSendStream and initReceiveStream on both of them and finally you can write some text and click Send data." width="391" height="122"/>
</mx:Application>

Hmm, not sure I completely understand now. What exactly simultaneously should mean in this context? The thing is that it seems there's no chance in getting the connection to work when I first turn on the client on my Windows computer. The other way (starting on my Linux computer) it works just fine, and I am able to connect from my Windows to my Linux anytime.
Also I'm not sure that this is the problem, cause it seems that same problem apply to connection to other computers as well (however this impression is based on a testing with just a very few tries, so I'll try to test it more soon).
Thanks for the explaining anyway!

Windows 7 Firewall - Inbound rule

Similar Messages

Maybe you are looking for