Maybe I misunderstood what you're not seeing.  Are you saying that you are not 
seeing dropped packets in the nmap firewall log, scanning from your 
workstation?  But, are you seeing the dropped packets in the windows 
pfirewall.log, local to the server?

From: Ziots, Edward [mailto:[email protected]]
Sent: Thursday, March 17, 2011 6:00 AM
To: NT System Admin Issues
Subject: RE: Windows Firewall question Windows 2008 R2

Yep, it is the NIC accordingly, what I am trying to ascertain is why I don't 
see the dropped packets when I do my NMAP scans which would validate that the 
Firewall Inbound and Outbound rules are working.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:[email protected]
Cell:401-639-3505

From: Miller Bonnie L. [mailto:[email protected]]
Sent: Wednesday, March 16, 2011 3:46 PM
To: NT System Admin Issues
Subject: RE: Windows Firewall question Windows 2008 R2

Under control panel, Network & Sharing Center, can you confirm that NIC is 
actually using the domain profile and not a different one?

From: Ziots, Edward [mailto:[email protected]]
Sent: Wednesday, March 16, 2011 9:08 AM
To: NT System Admin Issues
Subject: RE: Windows Firewall question Windows 2008 R2

Also turned off the firewall on the domain profile, still didn't make a 
difference. Still can't see the ports open from an Nmap scan, and I can't see 
any packets dropped on the firewall logs which I should be able to see.

I have it set so that inbound connections that don't match a rule are dropped. 
The default setting for inbound connections is Block in Windows Firewall with 
Advanced Security. I am logging both successful and blocked connections.

Any other ideas?

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:[email protected]
Cell:401-639-3505

From: Ziots, Edward [mailto:[email protected]]
Sent: Wednesday, March 16, 2011 11:45 AM
To: NT System Admin Issues
Subject: RE: Windows Firewall question Windows 2008 R2

Even allowing ALL IP's from the  for the rule doesn't seem to help show that 
port as open.

Under Scope, for Local IPs I selected all, and for Remote IPs I selected all. 
(That should allow any IP to talk to this server locally and the process to 
talk to any remote IP, if I am reading it right.)

Z



Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:[email protected]
Cell:401-639-3505

From: Ziots, Edward [mailto:[email protected]]
Sent: Wednesday, March 16, 2011 11:36 AM
To: NT System Admin Issues
Subject: Windows Firewall question Windows 2008 R2


I am following the documentation for getting the firewall rule for an 
application (inbound port and outbound server) to work and verifying that 
packets from any other host are dropped.

We are utilizing the Domain Profile, and I have turned on logging for the 
Domain Profile and created the pfirewall.log, but when I do an NMAP scan from 
my PC I am not getting any dropped packets in the firewall log.

All I have in place right now is an inbound rule that allows port X on the 
local host (its IP) to talk to port X on the remote host (its IP).

So for the local IP I put the IP address of my Windows 2008 R2 SP1 system, and 
for the remote host I put the IP address of the remote system. Do I need to add 
an equivalent rule to the outbound rules on the R2 host to get the two-way 
communication to work, or is it smart enough to do stateful packet inspection 
and, if inbound is allowed, allow the equal and opposite outbound traffic?

Ideas?
Z




Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:[email protected]
Cell:401-639-3505
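A way to check the setup described in this message, as an added example that is not part of the thread: the first two netsh commands show which profile the firewall is actually applying and whether dropped-packet logging is on for the domain profile (the logging settings only take effect for the active profile), and the rest parses pfirewall.log and summarises DROP entries from the scanning workstation by destination port. The log path is the Windows default and the scanner address is a placeholder; both are assumptions for illustration.

```powershell
# Added example, not from the thread: verify the active profile and logging
# settings, then summarise DROP entries in pfirewall.log by destination port.
# The log path is the Windows default; the scanner address is a placeholder.
$LogPath   = 'C:\Windows\System32\LogFiles\Firewall\pfirewall.log'
$ScannerIp = '192.0.2.10'   # assumed: the workstation running the Nmap scan

# 1. Which profile is Windows Firewall applying right now (Domain/Private/Public)?
netsh advfirewall show currentprofile

# 2. Is logging of dropped connections enabled for the domain profile?
netsh advfirewall show domainprofile logging

# If not, enable it from an elevated prompt (uncomment to apply):
# netsh advfirewall set domainprofile logging droppedconnections enable
# netsh advfirewall set domainprofile logging allowedconnections enable
# netsh advfirewall set domainprofile logging filename $LogPath

# 3. Parse the log. The '#Fields:' header names the columns; data lines are
#    space-separated: date time action protocol src-ip dst-ip src-port dst-port ...
$fields = $null
$drops  = @()
foreach ($line in Get-Content $LogPath) {
    if ($line -like '#Fields:*') {
        $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
        continue
    }
    # Skip other header lines, blank lines, and anything before the field list
    if ($line -like '#*' -or $line.Trim() -eq '' -or -not $fields) { continue }

    $values = $line -split '\s+'
    $entry  = @{}
    for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
        $entry[$fields[$i]] = $values[$i]
    }
    if ($entry['action'] -eq 'DROP' -and $entry['src-ip'] -eq $ScannerIp) {
        $drops += New-Object PSObject -Property $entry
    }
}

"Dropped packets from $ScannerIp : $($drops.Count)"
$drops |
    Group-Object protocol, 'dst-port' |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

If the count is zero while the scan was running, the usual reasons are that the NIC is on a different profile than the one you enabled logging for, or that the scan traffic is matching an allow rule and therefore appears as ALLOW rather than DROP; the grouped table makes both cases easy to tell apart.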


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
