How to troubleshoot firewall problems

This tip describes how to troubleshoot problems that arise when using a new firewall.

This tip originally appeared on SearchNetworking.com, a sister site of SearchCIO-Midmarket.com.

The recent release of Windows XP Service Pack 2 highlights one of the problems you can encounter whenever you change your client's security settings with a new firewall of any kind. Programs that may have once worked properly are blocked from operation until you set the firewall correctly. It's as true for Microsoft's firewall as it would be for Symantec's, Zone Alarm or any other. The Windows Firewall is meant to replace the Internet Connection Firewall (ICF) and starts with the assumption that all ports that aren't required by a Windows service are to be blocked until you indicate otherwise.

The two most common problems encountered when a firewall blocks a needed port are that the program can't get server data or that the program isn't responding to the request of a client. You should suspect problems of this type with FTP, streaming and mail programs that are having problems on a client. You'll also see problems with server-based programs such as a Web server, file services or when you attempt to access a system using a terminal session or remote desktop. Keep in mind that there are other possible issues here that could be problems, in particular things like remote procedure calls and DCOM settings. Still, firewall settings are a good first place to look.

The first time you launch a program that requires a blocked port, a dialog box called the Windows Firewall Security Alert appears asking you if you would like to unblock the port to allow the program to function. Say yes and the program is in business; say no and the program won't function correctly or will crash when it tries to access a service that it can't get to. Some programs require more than one port, so it's certainly possible that there is still a blocked port that is causing your client's problems. To help isolate the problem port you can use the Windows Firewall Netsh Helper to log all dropped packets.

To identify the ports you'll need to view the Netstat log. Open a command prompt, type NETSTAT --ano > NETSTAT.txt and then press enter to create the NETSTAT.TXT file that will hold all the log entries. Then at the prompt enter TASKLIST > TASKLIST.TST, press Enter and then type TASKLIST > TASKLIST.TXT to see what services are loaded for each process. When you open the TASKLIST.TXT file you should be able to locate the program of interest using the PID (Process ID number) that shows up in the Task List.

If you need to open another port you must log on as a system administrator and set an exception that unblocks the port in the firewall's administrator program. For the Windows XP Firewall, that tool is part of the Windows Security Center which is accessed from the Control Panel folder. To get there from the command line, open the Run dialog box, type WSCUI.CPL and then click OK. You'll want to click on the Exceptions tab and then add your port. You may also need to modify the scope using the Change Scope option. The scope sets which systems can participate in this type of network traffic. Finally, you'll also want to turn on Security Logging so that you can see the source of incoming traffic. That traffic is stored to the %Windir%pfirewall.log file. Outbound traffic is not logged.

A much more complete explanation of troubleshooting the Windows Firewall may be found at Microsoft's website.

Although other firewalls offer similar features, you'll want to check your firewall's documentation for the exact procedure.

Barrie Sosinsky is president of consulting company Sosinsky and Associates in Medfield, Mass. He has written extensively on a variety of computer topics. His company specializes in custom software (database- and Web-related), training and technical documentation. Let us know what you think about this tip; email editor@searchcio-midmarket.com.


This was first published in November 2004

Dig deeper on Security and risk management for Small Business

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close