Francesco Della Morte, posted July 20, 2023

Hi all, I work as a System Administrator in a small enterprise where we use ESET Endpoint Security for Windows centralized with an ESET Protect Cloud UI where we configure rules and criteria.

Since yesterday we're encountering an issue on the ESET Firewall. We use TightVNC Server installed on all Windows clients and listening on port 5900 in order to connect and support our colleagues, but the rule is no longer working correctly. I verified on some clients and, temporarily disabling ESET Firewall, I'm able to connect through VNC; as soon as I enable it again, the connection stops working.

We did NOT change any rule on the Protect Cloud side, so we cannot figure out why the rule is no longer working because it seems set up correctly: I verified the Trusted Zone (Area attendibile) was set correctly and it includes every IP subnet we actually use at work.

Could you help me face this very annoying issue? It is preventing us from connecting to other clients that need support. I'm fully open to every suggestion.

Thanks in advance
Marcos (Administrators), posted July 20, 2023

Please provide logs collected with ESET Log Collector for a check.
Francesco Della Morte, posted July 20, 2023

Hi Marcos, attached you can find logs extracted from ESET Log Collector from my PC.

Thank you in advance

ees_logs.zip
kelepe, posted July 21, 2023 (Solution)

Hello, is the shown policy applied on the clients that tried to receive the VNC connection on port 5900? If so, it is not correctly configured, because you should open port 5900 as the local port, as your direction is IN, and for the remote port use any, or ephemeral ports. On your server, open OUT communication on port 5900 as the remote port. Make sure your profile "Qualsiasi" is correctly applied.

If you want to debug, make a rule that enables communication on port 5900 - direction IN, enable logging (level warning), put it in front of your rules and see in your communication what you should enable. You can post a screen of that log so that we can help you out...
Francesco Della Morte, posted July 21, 2023

Hi Kelepe, we actually realized the mistake. After changing port 5900 from remote to local, everything now works fine.

Thanks so much for the support!
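The local/remote port mix-up resolved in this thread, as an added example that is not part of the original posts and does not reproduce ESET's rule engine: a simplified rule matcher, plus a loopback socket check showing that on the listening host the service port is the local port while the caller arrives from an ephemeral remote port. The `Rule`/`Connection` model, the function names and the sample port 51514 are assumptions made for illustration.

```python
import socket
from dataclasses import dataclass
from typing import Optional, Tuple

VNC_PORT = 5900  # TightVNC Server listening port named in the thread


@dataclass(frozen=True)
class Rule:
    """Simplified allow rule (illustrative model, not ESET's rule engine)."""
    direction: str                     # "in" or "out"
    local_port: Optional[int] = None   # None means "any"
    remote_port: Optional[int] = None  # None means "any"


@dataclass(frozen=True)
class Connection:
    direction: str
    local_port: int
    remote_port: int


def allows(rule: Rule, conn: Connection) -> bool:
    """A rule matches only if every port it constrains equals the connection's."""
    return (rule.direction == conn.direction
            and rule.local_port in (None, conn.local_port)
            and rule.remote_port in (None, conn.remote_port))


def observe_inbound_ports() -> Tuple[int, int, int]:
    """Accept one loopback connection; return (listen, local, remote) ports
    as seen from the listening side."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))     # OS-assigned port stands in for 5900
        srv.listen(1)
        listen_port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", listen_port), timeout=5):
            srv.settimeout(5)
            accepted, peer = srv.accept()
            with accepted:
                return listen_port, accepted.getsockname()[1], peer[1]


# Constructed sample: a viewer on ephemeral port 51514 reaching a VNC server.
SEEN_BY_CLIENT_PC = Connection("in", local_port=VNC_PORT, remote_port=51514)
SEEN_BY_VIEWER = Connection("out", local_port=51514, remote_port=VNC_PORT)

MISCONFIGURED = Rule("in", remote_port=VNC_PORT)  # the thread's original rule
CORRECTED = Rule("in", local_port=VNC_PORT)       # the fix: 5900 as local port
VIEWER_OUT = Rule("out", remote_port=VNC_PORT)    # support side, direction OUT

if __name__ == "__main__":
    print("misconfigured allows:", allows(MISCONFIGURED, SEEN_BY_CLIENT_PC))
    print("corrected allows:", allows(CORRECTED, SEEN_BY_CLIENT_PC))
    print("listen/local/remote:", observe_inbound_ports())
```

The same orientation applies when reading a firewall log entry for a blocked inbound connection: the port the service listens on appears as the local port on that machine.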