Windows Vista Security: Praxisorientierte Sicherheit für Profis by Marcus Nasarek

Chapter 15: Protecting Your Computer with Windows Defender and Windows Firewall
Working with the Windows Firewall
Troubleshooting Advanced Firewall Problems

Troubleshooting advanced firewall configurations can become very complicated in a hurry. This is true especially if you have created customized authentication methods, applied certificate-based communications, or edited the standardized listings available within the management console. You must be methodical and patient when pursuing these problems in some cases. Do not become discouraged because you can always fall back to the post-installation configuration by restoring the default settings.

When you are experiencing problems with advanced firewall configurations, the first thing to set is the logging feature for each profile associated with Windows Firewall. Although you must enable logging separately for each profile, the firewall records all logged activities (dropped packets, successful connections, or both) in a central logfile. The default location for the firewall log is %SystemRoot%\System32\logfiles\firewall\pfirewall.log. This log can help you diagnose problems, and offers some insight into additional issues associated with the advanced firewall features.
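
One way to read that log when diagnosing a blocked program or blocked echo requests, as an added example that is not part of the original text: the parser takes its column names from the log's own #Fields header and counts dropped packets by direction, protocol, and destination port or ICMP type. The sample lines, addresses, and ports are constructed, and the function names are hypothetical.

```python
# Added example: summarize DROP entries in a Windows Firewall log (pfirewall.log).
from collections import Counter

# Constructed sample in the W3C-style layout the firewall writes; not real traffic.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-03-04 09:15:01 DROP TCP 192.0.2.25 192.0.2.10 51514 3389 52 S 1166931470 0 8192 - - - RECEIVE
2024-03-04 09:15:04 DROP TCP 192.0.2.25 192.0.2.10 51514 3389 52 S 1166931470 0 8192 - - - RECEIVE
2024-03-04 09:15:09 ALLOW UDP 192.0.2.10 192.0.2.53 55021 53 0 - - - - - - - SEND
2024-03-04 09:16:30 DROP ICMP 192.0.2.25 192.0.2.10 - - 60 - - - - 8 0 - RECEIVE
2024-03-04 09:17:12 DROP TCP 192.0.2.10 198.51.100.7 49733 27015 52 S 90210 0 8192 - - - SEND
truncated line
"""

def parse_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def summarize_drops(text):
    """Count dropped packets per (direction, protocol, dest port or ICMP type)."""
    drops = Counter()
    for rec in parse_log(text):
        if rec["action"] != "DROP":
            continue
        if rec["protocol"] == "ICMP":
            target = "type " + rec["icmptype"]  # ICMP rows carry no ports
        else:
            target = rec["dst-port"]
        drops[(rec.get("path", "-"), rec["protocol"], target)] += 1
    return drops.most_common()

if __name__ == "__main__":
    for (direction, proto, target), count in summarize_drops(SAMPLE_LOG):
        print(f"{count:3d}  {direction:8s} {proto:5s} {target}")
```

To run it against a real log, pass the contents of pfirewall.log to `summarize_drops` in place of the sample; the most frequent dropped port and direction show which rule to review first.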

If you are having problems with inbound or outbound connections, refer to the profile settings for the active profile. When you select the Monitoring node in Windows Firewall with Advanced Security, the active profile is listed as such. Check the status of your current profile. If the firewall is on and you are blocking all incoming connections, select Block instead of Block All Connections. If the firewall is on and you are blocking outgoing connections, select Allow instead of Block.

If you have created IPSec policies for specific connection types or you require IPSec for communications, verify that you have the correct certificate installed or make sure the certificate has not expired or become untrusted. You will also want to verify that the remote computer has the same authentication methods set to allow proper authentication among them. You may also want to enable IPSec exemptions to allow ICMP traffic to flow regularly with IPSec. This can save a lot of time when determining specific network issues without IPSec blocking echo requests.

If a specific program does not work, make sure you have not created a customized rule that denies the desired behavior. Look in the inbound and outbound rules to make sure the settings are correct for the port, protocol, and IP address requirements as well as associated computers or users. Make sure you have enabled or disabled the rule, depending on your specific situation. You should also try to determine the correct ports and protocols in use for the program to operate correctly. Once you have the correct information, ensure that you have either created the custom rule for inbound and outbound traffic, or changed the predefined listing to work correctly according to your information.

Sometimes it helps to restart the Windows Firewall service to make sure something has not ended up in an unusable state due to configuration changes. Also, confirm that the desired functionality works with the firewall disabled. This can help to determine if you have a separate issue besides the firewall configuration.

You may also want to check Event Viewer in Computer Management to determine whether errors are being logged for Windows Firewall. If you find a stop error, use the specified information to look up the error on Microsoft’s Support site to determine how to fix your specific problem.

When all else fails, you may consider restoring the default settings. To do so, follow these steps:

1. In Windows Firewall with Advanced Security, select the Windows Firewall with Advanced Security node.
2. On the Action menu, select Restore Defaults.
3. When prompted to confirm the action, click Yes to change Windows Firewall back to the default settings when first installed. Keep in mind that this will also disable any custom exceptions you have created, possibly causing certain programs to function incorrectly. This is especially true for games, so you will need to reenable your custom settings after verifying that your network connections work correctly once you’ve reset the default configuration.

When all else fails, you can either consult with a professional computer repair service, contact your network administrator, consult with the Microsoft online forum for specific answers to detailed questions, or use any errors you find in the Event Viewer to determine whether someone else has this problem by searching for it online. Microsoft offers a diagnostic and troubleshooting link in the default listing of the management console. Clicking this link opens the Microsoft web site, which provides specific troubleshooting methods for different products.