Opening Ports on Firewall

Guest

I have an odd situation and it goes like this:

Our network clients use eTrust antivirus and to enable communication with
the antivirus admin server to WAN clients, those clients need a certain few
ports open on the XP firewall. If I set those ports manually on the client XP
firewall, comms work. If I set them in a GP and propagate it, comms do not
work. I have checked registry and firewall and it does seem that the group
policy is being applied. Any ideas?

Just a general question regarding using the XP firewall. What is the general
line of thought about turning the XP firewall off for clients on a close
private IP network?

Cheers, all advice appreciated
 
Mark Heitbrink [MVP]

Hi,
> Our network clients use eTrust antivirus and to enable communication with
> the antivirus admin server to WAN clients, those clients need a certain few
> ports open on the XP firewall.

For eTrust it's usually the inoupdate.exe(?) that needs the exception.
Or was it inort* something like that ...

> If I set those ports manually on the client XP firewall, comms work.
> If I set them in a GP and propagate it, comms do not
> work. I have checked registry and firewall and it does seem that
> the group policy is being applied. Any ideas?

- you are using the wrong DNS
- your computer is not in the OU where the GPO is linked to
- you are filtering by DSACLs
- you are filtering by WMI
etc.
etc.

> Just a general question regarding using the XP firewall. What is the general
> line of thought about turning the XP firewall off for clients on a close
> private IP network?

A lot of people deactivate it in their own DNS zone (it's a single policy).
It depends on the network whether I activate it or not.


Mark
 
Guest

Thanks for your input, some things to test out.

Can you expand on your comments about filtering by DSACLs and filtering by WMI?

Cheers
 
Mark Heitbrink [MVP]

Hi,
> Can you expand on your comments about filtering by DSACLs and filtering by WMI?

GPMC:
Take a look at the "Scope" tab of the GPO. If there is something other
than "Authenticated Users", then there is a filter ... same if there is an
entry in the WMI section.

Mark
 
Guest

That's all sweet... as I said, it looks like the policy is being applied. In
Windows Firewall you can actually see the new port settings in the programs
and services section, but still the only way to get comms to work is to turn
off the firewall or manually enter the ports.
 
