Troubleshooting Windows Firewall settings in Windows XP Service

Contents

1. [Page header: http://support.microsoft.com/kb/875357, 20 2 2008 16 13, Troubleshooting Windows Firewall settings in Windows XP Service Pack 2 for advanced users]
   [Screenshot: Windows Firewall dialog box, Advanced tab, with the Network Connection Settings, Security Logging, ICMP, and Default Settings areas]
   Note: Outbound successes are not logged. Outbound traffic that is not blocked is not logged.
   Interpreting the log file
   The following log information is collected for each packet that is logged. (Table columns: Fields, Description, Example.)
   Fields: Date, Time, Action, Protocol, src-ip, dst-ip, src-port, dst-port, size, tcpflags, tcpsyn, tcpack, tcpwin, icmptype, icmpcode, info.
   Date: Displays the year, month, and day that the recorded transaction occurred. Dates are recorded in the format YYYY-MM-DD, where YYYY is the year, MM is the month, and DD is the day.
   Time: Displays the hour, minute, and seconds when the recorded transaction occurred. Times are recorded in the format HH:MM:SS, where HH is the
2. [Screenshots: Tasklist.txt and Netstat.txt open in Notepad. Legible Netstat.txt entries include "TCP 0.0.0.0:445 0.0.0.0:0 LISTENING" and "TCP 157.54.100.101:1750 157.54.100.102:5061 ESTABLISHED".]
   The program with process identifier (PID) 2268 is using port 1750 on the local computer. If the port numbers for the process are less than 1024, the port numbers will probably not change. If the numbers that are used are greater than or equal to 1024, the program may use a range of ports. Therefore, you may not be able to resolve the issue by opening individual ports.
   Adding the port exception
   1. Click Start, click Run, type wscui.cpl, and then click OK.
   2. In Windows Security Center, click Windows Firewall.
   [Screenshot: Windows Security Center]
3. [Screenshot: Command Prompt showing C:\Documents and Settings\AccountName>Netstat -ano >netstat.txt]
   4. At the command prompt, type tasklist > tasklist.txt, and then press ENTER. If the program in question runs as a service, type tasklist /svc > tasklist.txt instead of tasklist > tasklist.txt so that the services that are loaded in each process are listed.
   [Screenshots: Command Prompt showing the commands Netstat -ano >netstat.txt, Tasklist >tasklist.txt, and Tasklist /svc >tasklist.txt run from C:\Documents and Settings\AccountName]
   5. Open the Tasklist.txt file, and then locate the program that you are troubleshooting. Write down the Process Identifier for the process, and then open the Netstat.txt file. Note any entries that are associated with that Process Identifier and the protocol that is used.
4. bypass
   - Windows Firewall: Protect all network connections
   - Windows Firewall: Do not allow exceptions
   - Windows Firewall: Define program exceptions
   - Windows Firewall: Allow local program exceptions
   - Windows Firewall: Allow remote administration exception
   - Windows Firewall: Allow file and print sharing exception
   - Windows Firewall: Allow ICMP exceptions
   - Windows Firewall: Allow Remote Desktop exception
   - Windows Firewall: Allow Universal Plug and Play (UPnP) framework exception
   - Windows Firewall: Prohibit notifications
   - Windows Firewall: Allow logging
   - Windows Firewall: Prohibit unicast response to multicast or broadcast requests
   - Windows Firewall: Define port exceptions
   - Windows Firewall: Allow local port exceptions
   For more information about Windows Firewall Group Policy settings, download the following white paper: Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2 (http://download.microsoft.com/download/6/8/a/68a81446-cd73-4a61-8665-8a67781ac4e8/wf_xpsp2.doc)
   REFERENCES
   843090 (http://support.microsoft.com/kb/843090) Description of the Windows Firewall feature in Windows XP Service Pack 2
   892199 (http://support.microsoft.com/kb/892199) Certain Administrative Templates from the Windows XP Security Guide may prevent you from starting the Windows Firewall serv
5. and printer sharing, and UPnP traffic.
   set notifications: Used to specify whether notifications to the user when programs try to open ports are enabled.
   reset: Resets firewall configuration to default. This provides the same functionality as the Restore Defaults button in the Windows Firewall interface.
   Troubleshooting the firewall
   Along with program compatibility issues, the Windows Firewall may experience other problems. Follow these steps to diagnose problems:
   1. To verify that TCP/IP is functioning correctly, use the ping command to test the loopback address (127.0.0.1) and the assigned IP address.
   2. Verify the configuration in the user interface to determine whether the firewall has been unintentionally set to Off or On with No Exceptions.
   3. Use the netsh commands for Status and Configuration information to look for unintended settings that could be interfering with expected behavior.
   4. Determine the status of the Windows Firewall/Internet Connection Sharing service by typing the following at a command prompt: sc query sharedaccess (The short name of this service is SharedAccess.) Troubleshoot service startup based on the Win32 exit code if this service does not start.
   5. Determine the status of the ipnat.sys firewall driver by typing the following at a command
6. enable global access or to restrict access to the local subnet.
   - Set ports to be open on all interfaces or only on a specific interface.
   - Configure the logging options.
   - Configure the Internet Control Message Protocol (ICMP) handling options.
   - Add or remove programs from the exceptions list.
   These configuration options apply to both IPv4 Windows Firewall and IPv6 Windows Firewall except where specific functionality does not exist in the Windows Firewall version.
   Gathering diagnostic data
   Windows Firewall configuration and status information can be retrieved at the command line by using the Netsh.exe tool. This tool adds IPv4 firewall support to the following Netsh context: netsh firewall
   To use this context, type netsh firewall at a command prompt, and then use additional Netsh commands as needed. The following commands are useful for gathering firewall status and configuration information:
   - Netsh firewall show state
   - Netsh firewall show config
   Compare the output from these commands with the output from the netstat -ano command to identify the programs that may have listening ports open and that do not have corresponding exceptions in the firewall configuration.
   Supported data gathering and configuration commands are listed in the following tables.
   Note: Settings can be modified only by an administrator.
   Data Gathering (table columns: Command, Description)
   show allowedprogram: Displays the allowed programs.
   sho
7. [Screenshot, continued: Add a Port dialog box with Name "Internet Explorer", Port number 80, the TCP and UDP options, and the link "What are the risks of opening a port?"]
   8. To verify that the port settings are correct for your program, test the program.
   Using Logging
   You can enable logging to help identify the source of inbound traffic and to provide details on what traffic is being blocked. %Windir%\pfirewall.log is the default log file. To enable logging, follow these steps:
   1. Click Start, click Run, type firewall.cpl, and then click OK.
   2. Click the Advanced tab.
   [Screenshot: Windows Firewall dialog box, General tab, showing the On (recommended) setting and the note "For your security, some settings are controlled by Group Policy"]
8. hour in 24-hour format, MM is the number of minutes, and SS is the number of seconds.
   Action: Indicates the operation that was observed by the firewall. The options available to the firewall are OPEN, CLOSE, DROP, and INFO-EVENTS-LOST. An INFO-EVENTS-LOST action indicates the number of events that occurred but that were not recorded in the log.
   Protocol: Displays the protocol that was used for the communication. A protocol entry can also be a number for packets that are not using TCP, UDP, or ICMP.
   src-ip: Displays the source IP address, or the IP address of the computer that is trying to establish communications.
   dst-ip: Displays the destination IP address of a communication try.
   src-port: Displays the source port number of the sending computer. A src-port entry is recorded in the form of a whole number, between 1 and 65,535. Only TCP and UDP display a valid src-port entry. All other protocols display a src-port entry of -.
   dst-port: Displays the port number of the destination computer. A dst-port entry is recorded in the form of a whole number, between 1 and 65,535. Only TCP and UDP display a valid dst-port entry. All other protocols display a dst-port entry of -.
   size: Displays the packet size in bytes.
   tcpflags: Displays the TCP control flags that are found in the TCP header of an IP packet:
   - Ack: Acknowledgement field significant
   - Fin: No more data from sender
   - Psh: Push function
   - Rst: Reset the connection
   - Syn: Synchronize sequence numbers
   - Urg: Urgent Pointer field significant
   Flags are written as up
9. prompt: sc query ipnat
   This command also returns the Win32 exit code from the last start try. If the driver is not starting, use troubleshooting steps that would apply to any other driver.
   6. If the driver and service are both running, and no related errors exist in the event logs, use the Restore Defaults option on the Advanced tab of Windows Firewall properties to eliminate any potential problem configuration.
   7. If the issue is still not resolved, look for policy settings that might produce the unexpected behavior. To do this, type GPResult /v > gpresult.txt at the command prompt, and then examine the resulting text file for configured policies that are related to the firewall.
   Configuring Windows Firewall Group Policy
   Contact your network administrator to determine if a Group Policy setting prevents programs and scenarios from running in a corporate environment. Windows Firewall Group Policy settings are located in the following Group Policy Object Editor snap-in paths:
   - Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall
   - Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile
   - Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Standard Profile
   From these locations, you can configure the following Group Policy settings:
   - Windows Firewall: Allow authenticated Internet Protocol security (IPsec)
10. Firewall to create an exception. Windows Firewall may be blocking a program or a service if the following conditions are true:
    - Programs do not respond to a client's request.
    - Client programs do not receive data from the server.
    A Windows Firewall Security Alert may notify you that Windows Firewall is blocking a particular program. When this scenario occurs, you may unblock the program by selecting Unblock this program in the Security Alert dialog box.
    To help determine which programs and ports are being blocked, you can configure Windows Firewall to log dropped packets. With Windows Firewall Netsh Helper, you can configure Windows Firewall and Windows Firewall logging at the command prompt.
    Program compatibility may not always be the issue. Group Policy settings can also prevent programs from running. Windows XP Service Pack 2 (SP2) includes several utilities that you can use to troubleshoot Windows Firewall issues.
    INTRODUCTION
    The best way to resolve firewall blocking issues is to modify programs to work with stateful filtering firewalls. If you cannot modify a program, you can configure the Windows Firewall to add exceptions for specific ports and programs. This article discusses the failure symptoms that relate to the default configuration of the Windows XP
11. Service Pack 2 firewall, how to configure exceptions for ports and for programs, and how to perform some troubleshooting methods for firewall settings.
    MORE INFORMATION
    Failures that are related to the default firewall configuration appear in two ways:
    - Client programs may not receive data from a server.
    - Server programs that are running on a Windows XP-based computer may not respond to client requests.
    If a program is being blocked, you may receive the following Windows Firewall Security Alert:
    [Screenshot: Windows Security Alert dialog box for AOL Instant Messenger, with the Keep Blocking, Unblock, and Ask Me Later buttons]
    For information about these symptoms and advanced troubleshooting steps to resolve them, see the "Advanced troubleshooting" section.
    Configuring Windows Firewall by using the Windows Firewall Security Alert
    To unblock the program, click Unblock in the Security Alert dialog box.
    Configuring Windows Firewall by using the Windows Security Center
    Adding a program exception
    When you add a program to the exception list, you enable the firewall to open ranges of po
12. Troubleshooting Windows Firewall settings in Windows XP Service Pack 2 for advanced users
    Article ID: 875357. Last Review: November 29, 2007. Revision: 2.1
    Notice: This article is intended for advanced computer users. If you are not comfortable with advanced troubleshooting, you might want to ask someone for help or contact support. For information about how to do this, visit the following Microsoft Web site: http://support.microsoft.com/contactus
    On This Page: SUMMARY; INTRODUCTION; MORE INFORMATION; Configuring Windows Firewall by using the Windows Firewall Security Alert; Configuring Windows Firewall by using the Windows Security Center; Adding a program exception; Advanced troubleshooting; Recognizing failure symptoms; Adding a port exception; Identifying the ports; Adding the port exception; Using Logging; Interpreting the log file; Using command line support; Gathering diagnostic data; Troubleshooting the firewall; Configuring Windows Firewall Group Policy; REFERENCES
    SUMMARY
    Windows XP Service Pack 2 (SP2) includes Microsoft Windows Firewall, the updated firewall software that replaces Internet Connection Firewall (ICF). If Microsoft Windows Firewall is blocking a port that is used by a service or by a program, you can configure the Windows
13. [Screenshot, continued: Windows Firewall dialog box, Exceptions tab, listing Programs and Services with the Add Program, Add Port, and Edit buttons]
    4. Type a descriptive name for the port exception and the port number that your program uses, and then select either the TCP or UDP protocol. After you finish this step, the Add a Port dialog box will appear as shown here.
    [Screenshot: Add a Port dialog box]
    5. Click Change Scope.
    [Screenshot: Add a Port dialog box]
    6. View or set the scope for the port exception, and then click OK.
    [Screenshot: Change Scope dialog box. "To specify the set of computers for which this port or program is unblocked, click an option below. To specify a custom list, type a list of IP addresses, subnets, or both, separated by commas. Example: 192.168.114.201,192.168.114.201/255.255.255.0"]
    7. Click OK to close the Add a Port dialog box.
    [Screenshot: Add a Port dialog box]
14. ice in Windows XP Service Pack 2
    920074 (http://support.microsoft.com/kb/920074) You cannot start the Windows Firewall service in Windows XP SP2
    886257 (http://support.microsoft.com/kb/886257) How Windows Firewall affects the UPnP framework in Windows XP Service Pack 2
    If these articles do not help you resolve the problem, or if you experience symptoms that differ from those that are described in this article, search the Microsoft Knowledge Base for more information. To search the Microsoft Knowledge Base, visit the following Microsoft Web site: http://support.microsoft.com
    Then, type the text of the error message that you receive, or type a description of the problem in the Search Support (KB) field.
    APPLIES TO
    - Microsoft Windows XP Professional
    - Microsoft Windows XP Home Edition
    Keywords: kbresolve kbgraphxlink konomt kbscreenshot kbtshoot kbhowtomaster KB875357
    2008 Microsoft Corporation. All rights reserved.
15. [Screenshot, continued: Windows Firewall dialog box, General tab, showing the Off (not recommended) setting]
    3. In the Security Logging area, click Settings.
    [Screenshot: Windows Firewall dialog box, Advanced tab, with the Network Connection Settings, Security Logging, ICMP, and Default Settings areas]
    4. Click to select the Log dropped packets check box, and then click OK.
    [Screenshot: Log Settings dialog box]
    5. Click OK.
16. Service failures are not accompanied by a Windows Firewall Security Alert because services are not typically associated with a user logon session. If the failure is service related, configure the firewall as discussed in the "Configuring Windows Firewall by using the Windows Security Center" section.
    Adding a port exception
    If you do not resolve this issue by adding a program to the exception list, you can add ports manually. To do this, you must first identify the ports that are used by the program. A reliable way to determine port usage is to contact the program vendor. If you cannot contact a vendor, or if a port list is not available, you can use the Netstat.exe tool to identify the ports in use.
    Identifying the ports
    1. Start the program, and try to use its network features. For example, with a multimedia program, try to start an audio stream. With a Web server, try to start the service.
    2. Click Start, click Run, type cmd, and then click OK.
    3. At the command prompt, type netstat -ano > netstat.txt, and then press ENTER. This command creates the Netstat.txt file. This file lists all the listening ports.
    [Screenshot: Command Prompt window]
17. ng Microsoft Web site: http://support.microsoft.com/contactus
    Advanced troubleshooting
    This section is intended for advanced computer users. If you are not comfortable with advanced troubleshooting, you might want to ask someone for help or contact support. For information about how to do this, visit the following Microsoft Web site: http://support.microsoft.com/contactus
    Recognizing failure symptoms
    Failures that are related to the default firewall configuration appear in two ways:
    - Client programs may not receive data from a server. For example, the following client programs may not receive data:
      - An FTP client
      - Multimedia streaming software
      - New mail notifications in some e-mail programs
    - Server programs that are running on a Windows XP-based computer may not respond to client requests. For example, the following server programs may not respond:
      - A Web server program, such as Internet Information Services (IIS)
      - Remote Desktop
      - File sharing
    Notes
    - Failures in network programs are not limited to firewall issues. These failures may be caused by RPC or DCOM security changes. Therefore, you have to determine whether the failure is accompanied by a Windows Firewall Security Alert that indicates that a program is being blocked.
18. [Screenshot, continued: Windows Security Center, showing Security Essentials and the "Manage security settings for" links to Internet Options, Automatic Updates, and Windows Firewall]
    3. Click the Exceptions tab, and then click Add Port to display the Add a Port dialog box.
    [Screenshot: Windows Firewall dialog box, Exceptions tab]
19. percase letters.
    tcpsyn: Displays the TCP sequence number in the packet.
    tcpack: Displays the TCP acknowledgement number in the packet.
    tcpwin: Displays the TCP window size, in bytes, in the packet.
    icmptype: Displays a number that represents the Type field of the ICMP message.
    icmpcode: Displays a number that represents the Code field of the ICMP message.
    info: Displays an information entry that depends on the type of action that occurred. For example, an INFO-EVENTS-LOST action creates an entry for the number of events that occurred but were not recorded in the log from the time of the last occurrence of this event type.
    Example column values, as extracted: 2001-01-27; 21:36:59; OPEN; TCP; 192.168.0.1; 192.168.0.1; 4039; 53; 60; AFP; 1315819770; 0; 64240; 23
    Note: The hyphen (-) is used for fields where no information is available for an entry.
    Using command-line support
    Windows Firewall Netsh Helper was added to Windows XP in the Microsoft Advanced Networking Pack. This command-line helper previously applied to IPv6 Windows Firewall. With Windows XP Service Pack 2, the helper now includes support for configuring IPv4. With Netsh Helper, you can now:
    - Configure the default state of Windows Firewall. (Options include Off, On, and On with no exceptions.)
    - Configure the ports that must be open.
    - Configure the ports to
20. rts that could change every time the program is run. To add a program exception, follow these steps:
    1. Use an administrator account to log on.
    2. Click Start, click Run, type wscui.cpl, and then click OK.
    3. In Windows Security Center, click Windows Firewall.
    4. On the Exceptions tab, click Add Program.
    5. In the list of programs, click the name of the program that you want to add, and then click OK. If the name of your program is not in the list of programs, click Browse to locate the program, and then click OK.
       Note: If you do not know where the program is located, contact the program vendor to determine the program location. For information about how to contact your program vendor, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:
       65416 (http://support.microsoft.com/kb/65416) Hardware and software vendor contact information, A-K
       60781 (http://support.microsoft.com/kb/60781) Hardware and software vendor contact information, L-P
       60782 (http://support.microsoft.com/kb/60782) Hardware and software vendor contact information, Q-Z
    6. Click OK. Test the program to verify that the firewall settings are correct.
    If you are still experiencing problems, you might want to ask someone for help or contact support. For information about how to do this, visit the followi
21. w config: Displays the detailed local configuration information.
    show currentprofile: Displays the current profile.
    show icmpsetting: Displays the ICMP settings.
    show logging: Displays the logging settings.
    show opmode: Displays the operational mode.
    show portopening: Displays the excepted ports.
    show service: Displays the services.
    show state: Displays the current state information.
    show notifications: Displays the current settings for notifications.
    Configuration (table columns: Command, Description)
    Commands: add allowedprogram, set allowedprogram, delete allowedprogram, set icmpsetting, set logging, set opmode, add portopening, set portopening, delete portopening, set service, set notifications, reset.
    add allowedprogram: Used to add excepted traffic by specifying the program's file name.
    set allowedprogram: Used to modify the settings of an existing allowed program.
    delete allowedprogram: Used to delete an existing allowed program.
    set icmpsetting: Used to specify allowed ICMP traffic.
    set logging: Used to specify logging options for Windows Firewall either globally or for a specific connection (interface).
    set opmode: Used to specify the operating mode of Windows Firewall either globally or for a specific connection (interface).
    add portopening: Used to add excepted traffic by specifying a TCP or UDP port.
    set portopening: Used to modify the settings of an existing open TCP or UDP port.
    delete portopening: Used to delete an existing open TCP or UDP port.
    set service: Used to enable or drop RPC and DCOM traffic, file
