Windows Firewall indound icmp packets drop
Hi, we have enabled icmpv4 traffic with a local firewall inbound rule in a gpo and we still having ping drops. Is there another value somewhere that we could disable in our setup. It seems like a protection coming from the windows
server 2008 and for no specific reason it blocks the traffic.
The ping comes from a load balancer linux base machine. We have created another test rule that is opening all ports and all protocol coming from that ip address and we get the same behaviour.
We know if we restart the server it will let the ping go through again with no problem but for a relatively short period of time.
Carl R.
Thanks
Hi Carl,
>>we have enabled icmpv4 traffic with a local firewall inbound rule in a gpo and we still having ping drops.
Before going further, we can cmd command gpresult/h gpreport.html with admin privileges to collect group policy result to check if the policy setting was applied successfully.
Regarding how to allow inbound Internet Control Message Protocol (ICMP) network traffic, the following article can be referred for more information.
Create an Inbound ICMP Rule on Windows 7, Windows Vista, Windows Server 2008, or Windows Server 2008 R2
http://technet.microsoft.com/en-us/library/cc972926(v=ws.10).aspx
Besides, for this is related to network, in order to get more and better help, we can also ask for suggestions in the following network forum.
Network Access Protection
https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverNAP
Best regards,
Frank Shen
Similar Messages
-
Windows 2008 R2 Std SP1 - firewall reports packets dropped...
Hi,
1) I'm trying to harden the Windows firewall on standalone (non AD) Windows 2008 R2 Std SP1 server, and restrict outgoing packets to known rules. What I'm seeing is firewall log entries showing dropped packets,
and the dropped packets are always zero length. e.g. I configured a rule to allow Windows Service Host svchost.exe to reach out to MS for MS Security Essentials Updates, and it is able to check for and download updates - but what I see are dropped zero length
packets for the target IP addresses that I have allowed in the rule. I see other packets too, for other application targets, for which new rules allow the application to work
- but again I see dropped zero length packets. Is there a feature that I can disable to allow the zero length packets out?
2) Also, I've enabled firewall logging to a file, but I see a mis-match between what appears in the \Windows\System32\LogFiles\Firewall\*.log files versus
the event ID 5152 entries in the Security event log - I mean, sometimes I see corresponding matching entries - most of the time I don't - it's as if some of the notifications re dropped packets make it to the firewall log file, and some make to the
event log, and some make it to both. Is this just a-typical and that's just the way it is?
Thanks. Dave.Hi Dave,
I suggest you use Netsh commands to collect diagnostic data of Windows Firewall and IPsec, the collected data will be exported into an XML file that we can examine for clues to the cause of the problem.
Please use this command below for capturing:
netsh wfp capture start file= "path and file".
More information for you:
Netsh Commands for Windows Filtering Platform (WFP) in Windows Server 2008 R2
http://technet.microsoft.com/en-us/library/dd735538(v=WS.10).aspx
[SDP 3][ 4f18caa6-df64-4dfd-a18e-096cf5a6a0fc] IPSEC Trace Logging
http://support.microsoft.com/kb/2749575
Best Regards,
Amy -
Windows Firewall issue, Inbound rule opend all, still not the same as turning off
This is Windows Firewall issue on Windows 8.1 Pro.
Backup Exec server cannot expand a computer node in selection list. I drill down to Microsoft Windows Network/Domain/Computers, then when I tried to expand a Windows 8.1 Pro computer node, it hangs out.
I narrowed this problem to Windows firewall related issue on Windows 8.1 Pro computer.
When I turn off Windows Firewall on Domain profile, Backup Exec Selection expands the computer node of the Windows 8.1 Pro computer. So, I created an inbound rule opening all to BAckup Exec server as following, but it's still not the same as turning off
Windows firewall specifically on Windows 8.1 Pro computer;
Any Local IP address, Any Remote IP address, Any port, Any protocol, All Interface, All Programs and Services, All profiles(Domain, Private, Public)
And there are no rules blocking any which may override the above rule.
Ethernet on Windows 8.1 Pro computer shows profile is linked with Domain, but just to make it work, I selected all profiles.
Even though I opened all available in inbound rule, it's still not the same as turning off windows firewall. Why am I missing?It looks as something related to RPC(UDP 135), but even when inbound rule is all open, why it matters? RPC seems working fine only when firewall is turned off on domain profile.
Protocol 17 is UDP
Port: 135
===============================
Event ID 5152
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID:
0
Application Name:
Network Information:
Direction:
Outbound
Source Address:
192.168.1.120
Source Port:
0
Destination Address:
192.168.1.11
Destination Port:
0
Protocol:
1
Filter Information:
Filter Run-Time ID:
245836
Layer Name:
ICMP Error
Layer Run-Time ID:
32
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID:
0
Application Name:
Network Information:
Direction:
Inbound
Source Address:
192.168.1.11
Source Port:
35341
Destination Address:
192.168.1.120
Destination Port:
135
Protocol:
17
Filter Information:
Filter Run-Time ID:
245834
Layer Name:
Transport
Layer Run-Time ID:
13 -
Hi Guys,
Actually we have two ASA 5520 in active/passive. We are losing random icmp packets between hosts located at different ASA’s interfaces or zones so; random icmp packets are losed when cross the firewalls.
asa# sh interface | i errors
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 2 interface resets
94 input errors, 0 CRC, 0 frame, 94 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 2 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 2 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 2 interface resets
2 input errors, 0 CRC, 0 frame, 2 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
asa# show conn count
7924 in use, 7934 most used
asa# show resource usage
Resource Current Peak Limit Denied Context
SSH 2 2 5 0 System
ASDM 1 3 5 0 System
Syslogs [rate] 444 1295 N/A 0 System
Conns 7284 8000 280000 0 System
Xlates 2728 3063 N/A 0 System
Hosts 3155 3403 N/A 0 System
Conns [rate] 195 946 N/A 0 System
Inspects [rate] 20 280 N/A 0 System
asa# sh processes cpu-usage non-zero
PC Thread 5Sec 1Min 5Min Process
081a86c4 c91afa08 56.9% 45.1% 37.5% Dispatch Unit
08c15df6 c91a93a8 1.3% 1.3% 1.2% Logger
08190627 c91a4ec0 0.0% 0.1% 0.0% tmatch compile thread
084b6fa1 c91a40f8 0.3% 0.6% 0.6% IKE Daemon
083ccbfc c91a17a0 0.1% 0.1% 0.1% fover_health_monitoring_thread
08405637 c91a13b0 0.0% 0.1% 0.1% ha_trans_data_tx
085345ae c91a09d8 0.5% 0.3% 0.3% ARP Thread
088c038d c918f248 2.3% 2.2% 2.3% Unicorn Admin Handler
08bde96c c9189ba8 0.2% 0.4% 0.2% sshActually I followed your recommendation about capture icmp traffic on ingress and egress interfaces to see how many packets are getting to the ASA and how many are leaving... Dammit!, I saw the same input and output traffic. I can’t see on the ASP capture any icmp packet being dropped by the ASA…
Thxs a lot guys for your help, I really appreciated that.
asa(config)# sh capture
capture capin type raw-data interface franqui [Capturing - 204480 bytes]
match icmp host 192.168.3.130 host 172.31.5.28
capture capout type raw-data interface inside [Capturing - 204480 bytes]
match icmp host 192.168.3.130 host 172.31.5.28
capture asp type asp-drop all buffer 9999999 [Capturing - 9880419 bytes]
asa(config)#
asa(config)# sho cap asp | i 192.168.3.130
1094: 11:15:02.770056 192.168.3.130.80 > 10.150.4.139.52083: . ack 1800180435 win 64240
8427: 11:16:39.131340 192.168.3.130.137 > 192.168.3.255.137: udp 50
8534: 11:16:39.877548 192.168.3.130.137 > 192.168.3.255.137: udp 50
8606: 11:16:40.624982 192.168.3.130.137 > 192.168.3.255.137: udp 50
13257: 11:17:46.657253 802.1Q vlan#1200 P0 10.104.104.36.137 > 192.168.3.130.137: udp 50
15450: 11:18:18.148170 192.168.3.130.137 > 192.168.3.255.137: udp 50
23235: 11:20:01.004226 802.1Q vlan#1200 P0 10.104.104.36.137 > 192.168.3.130.137: udp 50
24334: 11:20:15.551271 192.168.3.130.138 > 192.168.3.255.138: udp 201
28941: 11:21:21.650265 802.1Q vlan#1200 P0 10.104.104.36.137 > 192.168.3.130.137: udp 50
30622: 11:21:47.743842 802.1Q vlan#1200 P0 10.104.104.36.137 > 192.168.3.130.137: udp 50
38870: 11:23:44.843721 192.168.3.130.137 > 192.168.3.255.137: udp 50
51315: 11:26:39.053433 192.168.3.130.137 > 192.168.3.255.137: udp 50
51382: 11:26:39.790349 192.168.3.130.137 > 192.168.3.255.137: udp 50
51438: 11:26:40.540285 192.168.3.130.137 > 192.168.3.255.137: udp 50
66736: 11:30:18.165610 192.168.3.130.137 > 192.168.3.255.137: udp 50
75694: 11:32:17.742301 192.168.3.130.138 > 192.168.3.255.138: udp 201
asa(config)# sho cap asp | i 172.31.5.28
458: 11:14:54.353894 172.31.5.28.138 > 172.31.255.255.138: udp 201
9219: 11:16:49.088404 172.31.5.28.63954 > 172.31.5.254.443: F 1216116677:1216116677(0) ack 3105814648 win 65535
9220: 11:16:49.129647 172.31.5.28.63955 > 172.31.5.254.443: F 3311562654:3311562654(0) ack 1788680111 win 65535
9907: 11:16:58.316817 172.31.5.28.63957 > 172.31.5.254.443: F 2372132966:2372132966(0) ack 3446739520 win 65535
9924: 11:16:58.465155 172.31.5.28.63958 > 172.31.5.254.443: F 3052199358:3052199358(0) ack 4060397993 win 65535
9926: 11:16:58.478353 172.31.5.28.63959 > 172.31.5.254.443: F 2416626469:2416626469(0) ack 600987510 win 65535
10207: 11:17:01.425911 172.31.5.28.63960 > 172.31.5.254.443: F 4284764250:4284764250(0) ack 2764360472 win 65535
10209: 11:17:01.462653 172.31.5.28.63962 > 172.31.5.254.443: F 2897853406:2897853406(0) ack 36732653 win 65535
10562: 11:17:06.392862 172.31.5.28.63963 > 172.31.5.254.443: F 3418331111:3418331111(0) ack 4106159305 win 65535
10566: 11:17:06.437782 172.31.5.28.63965 > 172.31.5.254.443: F 351951743:351951743(0) ack 3852846382 win 65535
10570: 11:17:06.491109 172.31.5.28.63964 > 172.31.5.254.443: R 3743180378:3743180378(0) ack 2036124283 win 0
10571: 11:17:06.491322 172.31.5.28.63964 > 172.31.5.254.443: R 3743180378:3743180378(0) win 0
10605: 11:17:06.990885 172.31.5.28.63967 > 172.31.5.254.443: R 1622463220:1622463220(0) ack 1444481707 win 0
10606: 11:17:06.991113 172.31.5.28.63966 > 172.31.5.254.443: F 4291895411:4291895411(0) ack 1869758408 win 65535
10607: 11:17:06.991205 172.31.5.28.63967 > 172.31.5.254.443: R 1622463220:1622463220(0) win 0
10716: 11:17:09.033506 172.31.5.28.63968 > 172.31.5.254.443: F 1213337051:1213337051(0) ack 2793080200 win 65535
28699: 11:21:18.048444 172.31.5.28.63978 > 172.31.5.254.443: F 3516588597:3516588597(0) ack 4082523455 win 65535
28702: 11:21:18.082530 172.31.5.28.63979 > 172.31.5.254.443: F 2624860618:2624860618(0) ack 1229240024 win 65535
29157: 11:21:25.289917 172.31.5.28.63980 > 172.31.5.254.443: F 1840304766:1840304766(0) ack 3822990521 win 65535
29159: 11:21:25.369808 172.31.5.28.63983 > 172.31.5.254.443: F 879930713:879930713(0) ack 1786169064 win 65535
29160: 11:21:25.381587 172.31.5.28.63984 > 172.31.5.254.443: F 427260469:427260469(0) ack 341330867 win 65535
29321: 11:21:28.067242 172.31.5.28.63985 > 172.31.5.254.443: F 2238218183:2238218183(0) ack 2288210469 win 65535
29325: 11:21:28.098902 172.31.5.28.63986 > 172.31.5.254.443: F 118474273:118474273(0) ack 4277263123 win 65535
29665: 11:21:33.143074 172.31.5.28.63987 > 172.31.5.254.443: F 1353084768:1353084768(0) ack 2091147977 win 65535
29667: 11:21:33.174566 172.31.5.28.63989 > 172.31.5.254.443: F 3477322977:3477322977(0) ack 2198309559 win 65535
29701: 11:21:33.621763 172.31.5.28.63988 > 172.31.5.254.443: R 1603447742:1603447742(0) ack 2966254164 win 0
29702: 11:21:33.622007 172.31.5.28.63991 > 172.31.5.254.443: R 272764148:272764148(0) ack 2362014837 win 0
29703: 11:21:33.622282 172.31.5.28.63988 > 172.31.5.254.443: R 1603447742:1603447742(0) win 0
29704: 11:21:33.622328 172.31.5.28.63991 > 172.31.5.254.443: R 272764148:272764148(0) win 0
29767: 11:21:34.860764 172.31.5.28.63992 > 172.31.5.254.443: F 4226212155:4226212155(0) ack 2230361367 win 65535
52256: 11:26:52.323835 172.31.5.28.138 > 172.31.255.255.138: udp 201
asa(config)# sho cap asp | i 192.168.3.130
1094: 11:15:02.770056 192.168.3.130.80 > 10.150.4.139.52083: . ack 1800180435 win 64240
8427: 11:16:39.131340 192.168.3.130.137 > 192.168.3.255.137: udp 50
8534: 11:16:39.877548 192.168.3.130.137 > 192.168.3.255.137: udp 50
8606: 11:16:40.624982 192.168.3.130.137 > 192.168.3.255.137: udp 50
13257: 11:17:46.657253 802.1Q vlan#1200 P0 10.104.104.36.137 > 192.168.3.130.137: udp 50
15450: 11:18:18.148170 192.168.3.130.137 > 192.168.3.255.137: udp 50
23235: 11:20:01.004226 802.1Q vlan#1200 P0 10.104.104.36.137 > 192.168.3.130.137: udp 50
24334: 11:20:15.551271 192.168.3.130.138 > 192.168.3.255.138: udp 201
28941: 11:21:21.650265 802.1Q vlan#1200 P0 10.104.104.36.137 > 192.168.3.130.137: udp 50
30622: 11:21:47.743842 802.1Q vlan#1200 P0 10.104.104.36.137 > 192.168.3.130.137: udp 50
38870: 11:23:44.843721 192.168.3.130.137 > 192.168.3.255.137: udp 50
51315: 11:26:39.053433 192.168.3.130.137 > 192.168.3.255.137: udp 50
51382: 11:26:39.790349 192.168.3.130.137 > 192.168.3.255.137: udp 50
51438: 11:26:40.540285 192.168.3.130.137 > 192.168.3.255.137: udp 50
66736: 11:30:18.165610 192.168.3.130.137 > 192.168.3.255.137: udp 50
75694: 11:32:17.742301 192.168.3.130.138 > 192.168.3.255.138: udp 201
asa(config)# sho cap asp | i 172.31.5.28
458: 11:14:54.353894 172.31.5.28.138 > 172.31.255.255.138: udp 201
9219: 11:16:49.088404 172.31.5.28.63954 > 172.31.5.254.443: F 1216116677:1216116677(0) ack 3105814648 win 65535
9220: 11:16:49.129647 172.31.5.28.63955 > 172.31.5.254.443: F 3311562654:3311562654(0) ack 1788680111 win 65535
9907: 11:16:58.316817 172.31.5.28.63957 > 172.31.5.254.443: F 2372132966:2372132966(0) ack 3446739520 win 65535
9924: 11:16:58.465155 172.31.5.28.63958 > 172.31.5.254.443: F 3052199358:3052199358(0) ack 4060397993 win 65535
9926: 11:16:58.478353 172.31.5.28.63959 > 172.31.5.254.443: F 2416626469:2416626469(0) ack 600987510 win 65535
10207: 11:17:01.425911 172.31.5.28.63960 > 172.31.5.254.443: F 4284764250:4284764250(0) ack 2764360472 win 65535
10209: 11:17:01.462653 172.31.5.28.63962 > 172.31.5.254.443: F 2897853406:2897853406(0) ack 36732653 win 65535
10562: 11:17:06.392862 172.31.5.28.63963 > 172.31.5.254.443: F 3418331111:3418331111(0) ack 4106159305 win 65535
10566: 11:17:06.437782 172.31.5.28.63965 > 172.31.5.254.443: F 351951743:351951743(0) ack 3852846382 win 65535
10570: 11:17:06.491109 172.31.5.28.63964 > 172.31.5.254.443: R 3743180378:3743180378(0) ack 2036124283 win 0
10571: 11:17:06.491322 172.31.5.28.63964 > 172.31.5.254.443: R 3743180378:3743180378(0) win 0
10605: 11:17:06.990885 172.31.5.28.63967 > 172.31.5.254.443: R 1622463220:1622463220(0) ack 1444481707 win 0
10606: 11:17:06.991113 172.31.5.28.63966 > 172.31.5.254.443: F 4291895411:4291895411(0) ack 1869758408 win 65535
10607: 11:17:06.991205 172.31.5.28.63967 > 172.31.5.254.443: R 1622463220:1622463220(0) win 0
10716: 11:17:09.033506 172.31.5.28.63968 > 172.31.5.254.443: F 1213337051:1213337051(0) ack 2793080200 win 65535
28699: 11:21:18.048444 172.31.5.28.63978 > 172.31.5.254.443: F 3516588597:3516588597(0) ack 4082523455 win 65535
28702: 11:21:18.082530 172.31.5.28.63979 > 172.31.5.254.443: F 2624860618:2624860618(0) ack 1229240024 win 65535
29157: 11:21:25.289917 172.31.5.28.63980 > 172.31.5.254.443: F 1840304766:1840304766(0) ack 3822990521 win 65535
29159: 11:21:25.369808 172.31.5.28.63983 > 172.31.5.254.443: F 879930713:879930713(0) ack 1786169064 win 65535
29160: 11:21:25.381587 172.31.5.28.63984 > 172.31.5.254.443: F 427260469:427260469(0) ack 341330867 win 65535
29321: 11:21:28.067242 172.31.5.28.63985 > 172.31.5.254.443: F 2238218183:2238218183(0) ack 2288210469 win 65535
29325: 11:21:28.098902 172.31.5.28.63986 > 172.31.5.254.443: F 118474273:118474273(0) ack 4277263123 win 65535
29665: 11:21:33.143074 172.31.5.28.63987 > 172.31.5.254.443: F 1353084768:1353084768(0) ack 2091147977 win 65535
29667: 11:21:33.174566 172.31.5.28.63989 > 172.31.5.254.443: F 3477322977:3477322977(0) ack 2198309559 win 65535
29701: 11:21:33.621763 172.31.5.28.63988 > 172.31.5.254.443: R 1603447742:1603447742(0) ack 2966254164 win 0
29702: 11:21:33.622007 172.31.5.28.63991 > 172.31.5.254.443: R 272764148:272764148(0) ack 2362014837 win 0
29703: 11:21:33.622282 172.31.5.28.63988 > 172.31.5.254.443: R 1603447742:1603447742(0) win 0
29704: 11:21:33.622328 172.31.5.28.63991 > 172.31.5.254.443: R 272764148:272764148(0) win 0
29767: 11:21:34.860764 172.31.5.28.63992 > 172.31.5.254.443: F 4226212155:4226212155(0) ack 2230361367 win 65535
52256: 11:26:52.323835 172.31.5.28.138 > 172.31.255.255.138: udp 201 -
Hi,
i want to ask. My ASA5520 is generating some packet drops constantly and we have some problems with server aplication that a proccessing of tasks from client to server take a long time (sometime about 15 seconds). Our client application is accessing a server throught IPSec VPN tunnel terminated on two ASA`s. Our connectivity is about 20Mbit/s to internet and responses to ping about 5 ms and our internet load is about 20% on both sides - so i think this parameters are not bad. MTU is configured for 1500 for all interfaces. If this apllication is on local network its is working with no problems. Long responses are only throught VPN tunnel.
Can someone help me where to search for possible reasons? - is a drop rate about 2-4pkts/sec a normal behavior on Outside and Inside interface?
Outside:
received (in 3089.110 secs):
1440158 packets 1318512125 bytes
466 pkts/sec 426825 bytes/sec
transmitted (in 3089.110 secs):
1189541 packets 449651676 bytes
385 pkts/sec 145560 bytes/sec
1 minute input rate 660 pkts/sec, 569735 bytes/sec
1 minute output rate 543 pkts/sec, 194757 bytes/sec
1 minute drop rate, 2 pkts/sec
5 minute input rate 541 pkts/sec, 494752 bytes/sec
5 minute output rate 418 pkts/sec, 115924 bytes/sec
5 minute drop rate, 2 pkts/sec
Inside:
received (in 998799.294 secs):
1207809993 packets 733339825912 bytes
1002 pkts/sec 734002 bytes/sec
transmitted (in 998799.294 secs):
1200125098 packets 882901742659 bytes
1003 pkts/sec 883004 bytes/sec
1 minute input rate 502 pkts/sec, 179984 bytes/sec
1 minute output rate 614 pkts/sec, 564726 bytes/sec
1 minute drop rate, 4 pkts/sec
5 minute input rate 391 pkts/sec, 108899 bytes/sec
5 minute output rate 508 pkts/sec, 490840 bytes/sec
5 minute drop rate, 4 pkts/sec
DMZ:
received (in 998799.984 secs):
58298524 packets 44825759311 bytes
2 pkts/sec 44002 bytes/sec
transmitted (in 998799.984 secs):
46530732 packets 12940381278 bytes
3 pkts/sec 12001 bytes/sec
1 minute input rate 53 pkts/sec, 13049 bytes/sec
1 minute output rate 49 pkts/sec, 3004 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 36 pkts/sec, 5570 bytes/sec
5 minute output rate 33 pkts/sec, 1755 bytes/sec
5 minute drop rate, 0 pkts/sec
Aggregated Traffic on Physical Interface
GigabitEthernet0/0:
received (in 3089.870 secs):
1440885 packets 1346005546 bytes
466 pkts/sec 435618 bytes/sec
transmitted (in 3089.870 secs):
1190187 packets 474475065 bytes
385 pkts/sec 153558 bytes/sec
1 minute input rate 660 pkts/sec, 582256 bytes/sec
1 minute output rate 543 pkts/sec, 206077 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 541 pkts/sec, 504955 bytes/sec
5 minute output rate 418 pkts/sec, 124804 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/1:
received (in 998800.164 secs):
1207813930 packets 757321051733 bytes
1002 pkts/sec 758002 bytes/sec
transmitted (in 998800.164 secs):
1200125732 packets 906238831947 bytes
1003 pkts/sec 907000 bytes/sec
1 minute input rate 502 pkts/sec, 190546 bytes/sec
1 minute output rate 614 pkts/sec, 576442 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 391 pkts/sec, 117300 bytes/sec
5 minute output rate 508 pkts/sec, 500487 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/2:
received (in 998800.224 secs):
58298526 packets 45904344202 bytes
2 pkts/sec 45000 bytes/sec
transmitted (in 998800.224 secs):
46530733 packets 13855555976 bytes
3 pkts/sec 13003 bytes/sec
1 minute input rate 53 pkts/sec, 14097 bytes/sec
1 minute output rate 49 pkts/sec, 4018 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 36 pkts/sec, 6271 bytes/sec
5 minute output rate 33 pkts/sec, 2437 bytes/sec
5 minute drop rate, 0 pkts/sec
GigabitEthernet0/3:
received (in 998800.364 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 998800.364 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/secHi,
There is no UDP flow limit configured on this firewall:
asa-hvac# sh local-host router-bacnet
Interface inside: 3 active, 8 maximum active, 0 denied
local host: ,
TCP flow count/limit = 0/unlimited
TCP embryonic count to host = 0
TCP intercept watermark = unlimited
UDP flow count/limit = 2/unlimited
Conn:
UDP out ctrl-delta-maniwaki:47808 in router-bacnet:47808 idle 0:00:15 flags -
UDP out ctrl-delta-laurentienne:47808 in router-bacnet:47808 idle 0:00:00 flags -
Interface outside: 15 active, 33 maximum active, 0 denied
To answer your second question, when the problem appear, there is the same 2 flows when I issue the "show local-host bacnet-router" command. -
Hello Dear Sir/Madam
I am trying to create an inbound firewall rule to grant access ICMP4 to my server(2008 r2),although I have created this rule I can not ping my server by its IP address. but when I disable firewall I can ping It so could you please help me why windows firewall
can not recognize my new rule?
Best ReagardHi,
Can you ping other computers? How did you create the firewall inbound rule? In general, enabling incoming ICMP Echo messages will allow others to ping your computere. Please try to enable the File and Printer Sharing ( Echo Request- ICMPv4-In) in the inbound
firewall rules to see if the issue persists.
Best regards,
Susie -
Packet drops and High CPU on Cisco 3845 Switch
Hello Experts,
We are facing a lot of packet drops in our LAN.
When we try to ping one of the access switches from the CE router, we get the follwoing output:
pdel1799#ping 10.132.136.17 so 10.132.164.1 si 100 re 500
Type escape sequence to abort.
Sending 500, 100-byte ICMP Echos to 10.132.136.17, timeout is 2 seconds:
Packet sent with a source address of 10.132.164.1
Success rate is 98 percent (491/500), round-trip min/avg/max = 1/9/44 ms
pdel1799#
Success rate is 98 percent (491/500), round-trip min/avg/max = 1/9/44 ms
pdel1799#
Some command outputs and show tech of all switches attached from the customer which I have attached.
I have also attached a diagram but the only router''s IP address is correct in the diagram while IP address of switches in the diagram are incorrect. Here are the correct IPs of the switches:
Core Switch : 10.132.139.2
Access Switches:
10.132.136.17
10.132.136.18
10.132.136.29
Apart from packet drops on VLAN 1 we are seeing high CPU utilization on core switch
ingur-msl-coresw#sh processes cpu sorted | ex 0.0
Core 0: CPU utilization for five seconds: 61%; one minute: 45%; five minutes: 47%
Core 1: CPU utilization for five seconds: 63%; one minute: 46%; five minutes: 56%
Core 2: CPU utilization for five seconds: 36%; one minute: 74%; five minutes: 69%
Core 3: CPU utilization for five seconds: 85%; one minute: 69%; five minutes: 65%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
5638 2374911 23863975 131 52.03 52.24 52.58 1088 fed
9227 43623 21191441 182 8.36 5.53 5.71 0 iosd
6146 1437288 13888905 56 0.95 0.68 0.70 0 pdsd
5639 1292905 86276135 11 0.13 0.13 0.11 0 platform_mgr
6161 2831440 20952285 955 0.13 0.12 0.10 0 cpumemd
I can get more details required to resolve this, please help!!Hi,
I can see several Mac Flaps in the logs provided.... i.e. on int gi 1/1/3. have you verified you don't have any bridging loop occurring on the network?
Regards,
Yaseen -
we have leased line between two sites.
one side we have 2800 series router with fastethernet port and other side we have firewall with giga
port.
Replication is done from router to firewall.
When the replication starts packet is droping when we ping to firewall outside interface.
Lease line is of 10Mbps linkWhat type of replication?
where do you see packet drop?
Do you see some sylogs?
Please provide some more information on this
Regards,
Sachin -
Windows Firewall Service Crashes on Windows Server 2012
Hello Team,
I am facing issues with Windows Firewall Service in new Windows 2012 R2 deployments. when i try to start the Firewall service it wont start and it throws an error message to check the system event logs for information
The Windows Firewall service terminated with the following service-specific error:
The data is invalid.
I deployed this OS on a VM running with latest VM tools and HW version which is running on ESXi 5.1 U1
2 GB RAM, 1 vCPU
OS deployed through ISO downloaded from MS portal and License activated through KMS system, performed a couple of reboots as well.
any advise on this issue? i am sure some of you might have also faced the same issue1. VMware support forum and knowledge base may give you more specific advice.
2. Windows services may be dependent on another service(s). Analyze these dependences. Do it after you understand implications of VMware firewall function.
3. More detailed info from Event log is needed for analysis (Event ID, etc)
4. Hope you have connectivity configured correctly.
5. For firewall in VMware read the following article(s):
http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-52188148-C579-4F6A-8335-CFBCE0DD2167.html&__utma=207178772.2027713003.1393320147.1393320147.1393320147.1&__utmb=207178772.0.10.1393320147&__utmc=207178772&__utmx=-&__utmz=207178772.1393320147.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)&__utmv=-&__utmk=174193441
Regards
Milos -
Here's the diagnostic info, with serial numbers removed:
Microsoft Windows 7 x64 Home Premium Edition Service Pack 1 (Build 7601)
Dell Inc. Inspiron 620
iTunes 11.1.2.32
QuickTime 7.7.4
FairPlay 2.5.16
Apple Application Support 2.3.6
iPod Updater Library 11.1f5
CD Driver 2.2.3.0
CD Driver DLL 2.1.3.1
Apple Mobile Device 7.0.0.117
Apple Mobile Device Driver 1.64.0.0
Bonjour 3.0.0.10 (333.10)
Gracenote SDK 1.9.6.502
Gracenote MusicID 1.9.6.115
Gracenote Submit 1.9.6.143
Gracenote DSP 1.9.6.45
iTunes Serial Number xxx
Current user is an administrator.
The current local date and time is 2013-10-30 13:38:23.
iTunes is not running in safe mode.
WebKit accelerated compositing is enabled.
HDCP is not supported.
Core Media is supported.
Video Display Information
Intel Corporation, Intel(R) HD Graphics
**** External Plug-ins Information ****
Plug-in Name: WhiteCap
Plug-in Loaded: Yes
Plug-in Version: 0.0.1
Plug-in File Version: Unknown
Plug-in Path: C:\Program Files (x86)\iTunes\Plug-ins\vis_WhiteCap.dll
The drive F: HL-DT-ST DVDRAM GE20LU10 Rev FE05 is a USB 1 device.
iPodService 11.1.2.32 (x64) is currently running.
iTunesHelper 11.1.2.32 is currently running.
Apple Mobile Device service 3.3.0.0 is currently running.
**** Network Connectivity Tests ****
Network Adapter Information
Adapter Name:xxxx
Description: Microsoft Virtual WiFi Miniport Adapter
IP Address: 0.0.0.0
Subnet Mask: 0.0.0.0
Default Gateway: 0.0.0.0
DHCP Enabled: Yes
DHCP Server:
Lease Obtained: Wed Dec 31 19:00:00 1969
Lease Expires: Wed Dec 31 19:00:00 1969
DNS Servers:
Adapter Name: {xxxx}
Description: Dell Wireless 1502 802.11b/g/n
IP Address: 0.0.0.0
Subnet Mask: 0.0.0.0
Default Gateway: 0.0.0.0
DHCP Enabled: Yes
DHCP Server:
Lease Obtained: Wed Dec 31 19:00:00 1969
Lease Expires: Wed Dec 31 19:00:00 1969
DNS Servers:
Adapter Name: {xxxx}
Description: Realtek PCIe GBE Family Controller
IP Address: 192.168.0.103
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
DHCP Enabled: Yes
DHCP Server: 192.168.0.1
Lease Obtained: Wed Oct 30 12:39:21 2013
Lease Expires: Wed Nov 06 11:39:21 2013
DNS Servers: 192.168.0.1
Active Connection: LAN Connection
Connected: Yes
Online: Yes
Using Modem: No
Using LAN: Yes
Using Proxy: No
Firewall Information
Windows Firewall is on.
iTunes is NOT enabled in Windows Firewall. NB - Only McAfee Firewall is on. Control panel no longer gives access to Windows firewall
Connection attempt to Apple web site was unsuccessful.
The network connection timed out.
Basic connection to the store failed.
The network connection timed out.
Connection attempt to Gracenote server was successful.
The network connection timed out.
Last successful iTunes Store access was 2013-08-09 00:02:52.Can someone please respond to my request for support? I tried the provided correct answer at https://discussions.apple.com/message/11561783#11561783 but it did not work.
I also got a MSFT tech support person to remotely look at my machine, for what its worth, he said the registry file is fine and to contact Apple support.
Any help would be very much appreciated. -
Firefox won't open/connect tp the internet. Explorer opens and connects. Windows firewall turned off. No other antivirus program running. Happened when I downloaded new Firefox update.
I had the same problem when i dl-ed a new anti-virus softward, but what I did help me reconnect Firefox again!
Here is what I did,
Go to open firefox browser-->option-->advanced-->network-->settings-->and change it to auto-detect proxy settings for this network!
It worked for you, hope it will work for you too =)!
Cheers -
0x8007000e (E_OUTOFMEMORY) while adding a firewall rule using the windows firewall COM API
Hello,
Configuration: Windows Embedded 8 64-bit.
I'm using the Windows Firewall with Advanced Security COM API. The program uses the INetFwRules interface. Basically, I'm using the following code (Form the code sample available here : http://msdn.microsoft.com/en-us/library/windows/desktop/dd339604%28v=vs.85%29.aspx.)
I get the error when performing "hr = pFwRules->Add(pFwRule);".
We can also encounter the problem when removing a rule (using pFwRules->Remove(ruleName);)
HRESULT hrComInit = S_OK;
HRESULT hr = S_OK;
INetFwPolicy2 *pNetFwPolicy2 = NULL;
INetFwRules *pFwRules = NULL;
INetFwRule *pFwRule = NULL;
long CurrentProfilesBitMask = 0;
BSTR bstrRuleName = SysAllocString(L"SERVICE_RULE");
BSTR bstrRuleDescription = SysAllocString(L"Allow incoming network traffic to myservice");
BSTR bstrRuleGroup = SysAllocString(L"Sample Rule Group");
BSTR bstrRuleApplication = SysAllocString(L"%systemroot%\\system32\\myservice.exe");
BSTR bstrRuleService = SysAllocString(L"myservicename");
BSTR bstrRuleLPorts = SysAllocString(L"135");
// Initialize COM.
hrComInit = CoInitializeEx(
0,
COINIT_APARTMENTTHREADED
// Ignore RPC_E_CHANGED_MODE; this just means that COM has already been
// initialized with a different mode. Since we don't care what the mode is,
// we'll just use the existing mode.
if (hrComInit != RPC_E_CHANGED_MODE)
if (FAILED(hrComInit))
printf("CoInitializeEx failed: 0x%08lx\n", hrComInit);
goto Cleanup;
// Retrieve INetFwPolicy2
hr = WFCOMInitialize(&pNetFwPolicy2);
if (FAILED(hr))
goto Cleanup;
// Retrieve INetFwRules
hr = pNetFwPolicy2->get_Rules(&pFwRules);
if (FAILED(hr))
printf("get_Rules failed: 0x%08lx\n", hr);
goto Cleanup;
// Create a new Firewall Rule object.
hr = CoCreateInstance(
__uuidof(NetFwRule),
NULL,
CLSCTX_INPROC_SERVER,
__uuidof(INetFwRule),
(void**)&pFwRule);
if (FAILED(hr))
printf("CoCreateInstance for Firewall Rule failed: 0x%08lx\n", hr);
goto Cleanup;
// Populate the Firewall Rule object
pFwRule->put_Name(bstrRuleName);
pFwRule->put_Description(bstrRuleDescription);
pFwRule->put_ApplicationName(bstrRuleApplication);
pFwRule->put_ServiceName(bstrRuleService);
pFwRule->put_Protocol(NET_FW_IP_PROTOCOL_TCP);
pFwRule->put_LocalPorts(bstrRuleLPorts);
pFwRule->put_Grouping(bstrRuleGroup);
pFwRule->put_Profiles(CurrentProfilesBitMask);
pFwRule->put_Action(NET_FW_ACTION_ALLOW);
pFwRule->put_Enabled(VARIANT_TRUE);
// Add the Firewall Rule
hr = pFwRules->Add(pFwRule);
if (FAILED(hr))
printf("Firewall Rule Add failed: 0x%08lx\n", hr);
goto Cleanup;
This works pretty well but, sometimes, at system startup, adding a rule ends up with the error 0x8007000e (E_OUTOFMEMORY) ! At startup, the system is always loaded cause several applications starts at the same time. But nothing abnormal. This is quite a random
issue.
According MSDN documentation, this error indicates that the system "failed to allocate the necessary memory".
I'm not convinced that we ran out of memory.
Has someone experienced such an issue? How to avoid this?
Thank you in advance.
Regards, -Ruben-Does Windows 8 desktop have the same issue? Are you building a custom WE8S image, or are you using a full WE8S image? The reason I ask is to make sure you have the modules in the image to support the operation.
Is Windows Embedded 8.1 industry an option?
www.annabooks.com / www.seanliming.com / Book Author - Pro Guide to WE8S, Pro Guide to WES 7, Pro Guide to POS for .NET -
When an external application tries to connect to it through iTunes I get 'Error: 11222'. When I try to connect through the iTunes app it just continuously loads but nothing appears. Diagnostics says that Windows Firewall (Which is being managed by McAfee) is blocking it, even though it is allowed through both firewalls I have. Even when I turn WF off iTunes claims it is being blocked by it. I have done almost everything Apple's support pages have suggested but nothing has worked. I'm using it on an Acer Aspire laptop, and the main PC can use iTunes without trouble so it isn't the ISP. I have uninstalled and reinstalled iTunes twice. Here is a full diagnostics:
Microsoft Windows 7 x64 Home Premium Edition Service Pack 1 (Build 7601)
Acer Aspire 5738
iTunes 10.6.3.25
QuickTime 7.7.2
FairPlay 1.14.43
Apple Application Support 2.1.9
iPod Updater Library 10.0d2
CD Driver 2.2.0.1
CD Driver DLL 2.1.1.1
Apple Mobile Device 5.2.0.6
Apple Mobile Device Driver not found.
Bonjour 3.0.0.10 (333.10)
Gracenote SDK 1.9.6.502
Gracenote MusicID 1.9.6.115
Gracenote Submit 1.9.6.143
Gracenote DSP 1.9.6.45
iTunes Serial Number 0042AD4403249D18
Current user is an administrator.
The current local date and time is 2012-08-23 23:19:38.
iTunes is not running in safe mode.
WebKit accelerated compositing is enabled.
HDCP is supported.
Core Media is supported.
Video Display Information
ATI Technologies Inc., ATI Mobility Radeon HD 4570
**** External Plug-ins Information ****
No external plug-ins installed.
iPodService 10.6.3.25 (x64) is currently running.
iTunesHelper 10.6.3.25 is currently running.
Apple Mobile Device service 3.3.0.0 is currently running.
**** Network Connectivity Tests ****
Network Adapter Information
Lease Expires: Fri Aug 24 21:30:18 2012
DNS Servers: 192.168.1.254
Adapter Name: {43E41B54-39BF-45DB-A846-41062D127AFE}
Description: Broadcom NetLink (TM) Gigabit Ethernet
IP Address: 0.0.0.0
Subnet Mask: 0.0.0.0
Default Gateway: 0.0.0.0
DHCP Enabled: Yes
DHCP Server:
Lease Obtained: Thu Jan 01 00:00:00 1970
Lease Expires: Thu Jan 01 00:00:00 1970
DNS Servers:
Active Connection: LAN Connection
Connected: Yes
Online: Yes
Using Modem: No
Using LAN: Yes
Using Proxy: No
Firewall Information
Windows Firewall is on.
iTunes is NOT enabled in Windows Firewall.
Connection attempt to Apple web site was unsuccessful.
The network connection timed out.
Basic connection to the store failed.
The network connection timed out.
Connection attempt to Gracenote server was successful.
The network connection timed out.
iTunes has never successfully accessed the iTunes Store.
Please help me!The 11222 errors can sometimes be produced by LSP trouble. One of the suspects with that is some versions of McAfee Family Protection. For troubleshooting advice, see the following document:
Apple software on Windows: May see performance issues and blank iTunes Store -
I can't get the IOS 5 to work for windows Vista. I'm running kaspersky pure 2.0, windows firewall and windows defender. I have turned them all off, I then attach my Ipod 4th gen and I get the "cannot connect to itunes update server". I ran diagnostics in itunes and it tells me I dont have a internet connection. I'm on the internet right now, and I DO have a internet connection, but it tells me Itunes says otherwise. I'm able to send this message on the same pc with internet connection but keep running into this error. I have now read discussiong boards through apple and disabled all my firewalls, still no luck. I was able to update the lates version of itunes, and just waiting to get my ipod updated now, please help me.
On the computer you should be able to go to the network properites. Go to the TCP part and unchec the line that says obtaind DNS automatically and check the one that says use the following. Add the 8.8.8.8 and Google other 8.8.4.4.
For more info see:
https://developers.google.com/speed/public-dns/ -
Windows Firewall damaged by 'Windows 7 antivirus 2012'
I run Windows 7. I think 64bit, not sure.
I have been getting hit with a lot of rogue antiviruses and up till now have been fighting them off, but last night I was hit by a new rendition of "Windows 7 Antivirus 2012".
I got a window saying explorer.exe wanted to make changes to my computer, I would tell it no and each time it would return. In between the constantly returning window I managed to open the task manager, find the process, and end the process. I then found
the file and destroyed it with killbox.
Everything seems to be back in working order now, except for the firewall. Every page in the control panel for windows firewall gives me an Administrator button that says use reccomended settings', when I click it it says it can't do that and gives
me error 0x800705b4, which I understand to be an authentication error.
The last time I had this I tried to reset my firewall with an admistrator command prompt, it would tell me it could not load wshelper.dll, so I did some stuff I cannot remember to reset my winsock and was then able to reset my firewall and all was good again.
This time when I go into command.com and type 'netsh advfirewall reset' instead of the DLL message, I get 'An error occoured while attempting to contact the Windows Firewall service. Make sure the service is running and try your request again'.
In my attempts to fix this myself I have been to the device manager. I had it 'show hidden devices' and located my Windows Firewall Authorization driver. I found it had been stopped, and so I started it again. It currently says it is started, but nothing
has changed functionally.
I have been into Services as an Administrator; Windows Firewall is not there. I was also told to look for Windows Event Controller and Base Filtering Engine and they are not there either.
I have done an administrator command promtp with sfc /scannow and the first time it said it had made changes and the second time it said everythign was alright but nothing functionally has changed.
I have been told to enter the following command prompts and gotten - the following results
netsh advfirewall reset - error stated above
net start mpsdrv - The requested service has already been started
net start bfe - The service name is invalid
net start mpssvc - the service name is invalid
regsvr32 firewallapi.dll - Popup window stating DllRegisterServer in firewallapi.dll succeeded
no functional change after that.
I have also been told to try:
sc config wuauserv start= auto - [SC] ChangeServiceConfig SUCCESS
sc config bits start= auto - [SC] ChangeServiceConfig SUCCESS
sc config DcomLaunch start= auto - Access is denied.
net stop wuauserv - The Windows Update service was stopped successfully.
net start wuauserv - The Windows Update service was started successfully.
net stop bits - The Backround Intelligent Transfer Service was stopped successfully.
net start bits - The Backround Intelligent Transfer Service was started successfully.
net start dcomlaunch - The requested service has already been started.
I have also tried a system restore, but whatever is screwing with my firewall is also screwing with that an it will not complete successfully.
A Windows XP thread steered me toward a file called, I believe, netfw.inf in my windir folder, related to the firewall. This does not seem to be on my Windows 7 machine and I have been unable to find the Windows 7 equivalent.
So, it appears my firewall is gone, or just pretending to be. I fixxed it last time by making some correction to my winsock but I cannot seem to find the process I used for that. Additionally, Microsoft Security Essentials has dissapeared from my system
tray, though otherwise seems to be working fine.
I am confident that this can be fixxed without a wipe and reinstall. Please help.Hi
Make sure that PC is clean(free from zero access rootkit before trying this fixes)
This firewall issue is commonly found on vista and windows 7 (64 BIT OS)
It is recommended to contact malware removal forums to remove it first and try the fix
Run the services repair tool by ESET
http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe
Restart the PC.Firewall and critical missing services should work.
Manual Fix
Download both the registry files
Windows firewall -
Firewall
Base filtering engine -
BFE
Launch them,You should get a UAC prompt now
Click YES & Restart your PC
Now,Press Windows+ R key and type
regedit and click ok
go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right click on it-permissions
Click on ADD and type
Everyone and click ok
Now Click on Everyone
Below you have permission for users
Select full control and click ok
Now,open RUN and type
services.msc and click ok
start base filtering engine service and then windows firewall service
If you still have this error
Windows could not start Windows Firewall on local Computer. See event log, if non-windows services contact vendor. Error code 5.
Download and launch this key,click YES
Shared access
give full control permission to this key similar to previous one
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess
Right click on it -permissions
Click on Add and type
Everyone and select Full control
You should able to start firewall now
You may also be missing security center windows defender ,BITS and windows update services
Download
Security center -wscsvc
Windows defender - windefend
BITS - BITS
Windows update -
wuauserv
Launch them and click YES when you get a UAC prompt
Good luck
Maybe you are looking for
-
I wrongly entered my apple id into my new i phone . It was my e mail address with a letter wrong I have registered correctly on the i cloud account but when I go to get apps it still shows wrong e mail How do I delete this incorrect e mail? Thanks Mi
-
Solution manger down due to disp+work down and j2ee is not starting.
Message: Dear All i am having big problem our solution manager is down kindly help me to solve this problem. system configuration: solution manger 7.01 ehp1 this was upgraded from nw04s a year back . yesterday iwas trying to upgrade from sp19 to sp24
-
Aperture library in pages? not iPhoto
Im trying to import media (a photo) into my pages document. When I click on the media button, it only pulls up my old iphoto library, not current aperture library. I swapped over to aperture from iphoto a couple of years ago, and imported my old ipho
-
Problems uploading photobook from Elements 10
In attempting to upload a photobook to Kodak from PSE10, I consistently receive an error message telling me that my firewall is blocking access. My W7 firewall is disabled, as I have a router. A similar thread in 2010 about PSE9 suggested it was the
-
IDoc - ORDERS05 - Inbound - IHREZ_E
What segment/field/qualif should I be using to populate the field VBKD-IHREZ_E at the header level? When creating a new sales order, I am able to populate VBKD-IHREZ_E at the item level by using E2EDP02/BELNR and qualifyier 044. However, i would like