Tip

Troubleshooting firewalls


The recent release of Windows XP Service Pack 2 highlights one of the problems you can encounter whenever you change your client's security settings with a new firewall of any kind. Programs that once worked properly are blocked from operation until you set the firewall correctly. It's as true for Microsoft's firewall as it would be for Symantec's, ZoneAlarm, or any other. The Windows Firewall is meant to replace the Internet Connection Firewall (ICF) and starts with the assumption that all ports that aren't required by a Windows service are to be blocked until you indicate otherwise.

The two most common problems encountered when a firewall blocks a needed port are that the program can't get server data or that the program doesn't respond to a client's request. You should suspect problems of this type when FTP, streaming, and mail programs misbehave on a client. You'll also see problems with server-based programs such as a Web server or file services, or when you attempt to access a system using a terminal session or remote desktop. Keep in mind that other issues could be the cause here, in particular things like remote procedure calls and DCOM settings. Still, firewall settings are a good first place to look.

The first time you launch a program that requires a blocked port, a dialog box called the Windows Firewall Security Alert appears, asking whether you would like to unblock the port to allow the program to function. Say yes and the program is in business; say no and the program won't function correctly or will crash when it tries to access a service that it can't get to. Some programs require more than one port, so it's certainly possible that there is still a blocked port that is causing your client's problems. To help isolate the problem port, you can use the Windows Firewall Netsh Helper to log all dropped packets.

To identify the ports you'll need to view the Netstat log. Open a command prompt, type NETSTAT -ano > NETSTAT.TXT and then press Enter to create the NETSTAT.TXT file that will hold all the log entries. Then at the prompt type TASKLIST > TASKLIST.TXT and press Enter, or type TASKLIST /SVC > TASKLIST.TXT instead to see what services are loaded for each process. When you open the TASKLIST.TXT file you should be able to locate the program of interest by matching the PID (Process ID number) listed in NETSTAT.TXT against the one that shows up in the Task List.
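The PID matching described above can be scripted once both files exist. The following Python sketch is an added example, not part of the original tip; the sample text is constructed, ftpsrv.exe is a made-up program name, and the parser assumes plain TASKLIST output (not the /SVC layout).

```python
import re

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_TXT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       2040
  TCP    192.168.1.10:3389      192.168.1.20:3012      ESTABLISHED     1044
  UDP    0.0.0.0:1900           *:*                                    1212
"""

# Constructed sample of plain `tasklist` output; PID 2040 is deliberately absent.
TASKLIST_TXT = """
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         16 K
svchost.exe                  932 Console                 0      4,112 K
svchost.exe                 1212 Console                 0      3,904 K
ftpsrv.exe                  1480 Console                 0      6,220 K
"""

TASK_ROW = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,.]+ K\s*$")

def parse_tasklist(text):
    """Map PID -> image name; the lazy first group keeps names containing spaces."""
    return {int(m.group(2)): m.group(1)
            for m in map(TASK_ROW.match, text.splitlines()) if m}

def parse_netstat(text):
    """Yield (proto, local_port, state, pid); UDP rows have no State column."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] in ("TCP", "UDP"):
            state = parts[3] if len(parts) == 5 else ""
            yield parts[0], int(parts[1].rsplit(":", 1)[1]), state, int(parts[-1])

def listening_ports(netstat_text, tasklist_text):
    """Sorted (proto, port, pid, image) for sockets waiting on inbound traffic."""
    names = parse_tasklist(tasklist_text)
    return sorted({(proto, port, pid, names.get(pid, "<not in task list>"))
                   for proto, port, state, pid in parse_netstat(netstat_text)
                   if proto == "UDP" or state == "LISTENING"})

if __name__ == "__main__":
    for proto, port, pid, image in listening_ports(NETSTAT_TXT, TASKLIST_TXT):
        print(f"{proto:4}{port:>6}  PID {pid:<5} {image}")
```

A PID that appears in NETSTAT.TXT but not in TASKLIST.TXT usually means the process exited between the two snapshots, so capture both files back to back.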

If you need to open another port, you must log on as a system administrator and set an exception that unblocks the port in the firewall's administrator program. For the Windows XP Firewall, that tool is part of the Windows Security Center, which is accessed from the Control Panel folder. To get there from the command line, open the Run dialog box, type WSCUI.CPL and then click OK. You'll want to click on the Exceptions tab and then add your port. You may also need to modify the scope using the Change Scope option. The scope sets which systems can participate in this type of network traffic. Finally, you'll also want to turn on Security Logging so that you can see the source of incoming traffic. That traffic is stored to the %Windir%\pfirewall.log file. Outbound traffic is not logged.
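Once Security Logging is on, the log can be summarized to show which blocked ports are being hit and from where, which informs both the exception and its scope. This Python sketch is an added example, not part of the original tip; the log text is constructed, and the parser takes its column names from the log's own #Fields header rather than assuming a fixed layout.

```python
from collections import Counter

# Constructed sample in the W3C-style layout of pfirewall.log (not a real capture).
PFIREWALL_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2004-10-05 14:02:11 DROP TCP 192.168.1.20 192.168.1.10 3012 3389 48 S 2096554413 0 65535 - - - RECEIVE
2004-10-05 14:02:14 DROP TCP 192.168.1.20 192.168.1.10 3012 3389 48 S 2096554413 0 65535 - - - RECEIVE
2004-10-05 14:03:40 OPEN-INBOUND TCP 192.168.1.21 192.168.1.10 1187 80 - - - - - - - - -
2004-10-05 14:05:02 DROP UDP 192.168.1.22 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2004-10-05 14:06:19 DROP ICMP 192.168.1.20 192.168.1.10 - - 60 - - - - 8 0 - RECEIVE
"""

def parse_log(text):
    """Return one dict per entry, keyed by the names in the #Fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            rows.append(dict(zip(fields, line.split())))
    return rows

def dropped_inbound(text):
    """List (protocol, dst-port, count, source IPs) for DROP entries, busiest first."""
    counts, sources = Counter(), {}
    for row in parse_log(text):
        if row.get("action") != "DROP":
            continue
        key = (row["protocol"], row["dst-port"])
        counts[key] += 1
        sources.setdefault(key, set()).add(row["src-ip"])
    return [(proto, port, n, sorted(sources[(proto, port)]))
            for (proto, port), n in counts.most_common()]

if __name__ == "__main__":
    for proto, port, n, srcs in dropped_inbound(PFIREWALL_LOG):
        print(f"{proto:5}{port:>6}  dropped {n}x  from {', '.join(srcs)}")
```

A port that shows repeated drops from only the systems you expect is a candidate for an exception with a narrowed scope; drops from unexpected sources are a reason to leave the port blocked.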

A much more complete explanation of troubleshooting the Windows Firewall may be found at Microsoft's Web site.

Although other firewalls offer similar features, you'll want to check your firewall's documentation for the exact procedure.


Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.


This was first published in October 2004
