
Firewall log allowed connections


karsayor

I have an issue with the endpoint firewall that is allowing a connection that should not be allowed.

My two Domain Controllers are able to browse computers on port 445 (SMB); all other computers and servers are not able to browse the computers.

It must be related to one of the default rules, but I do not know which one. Since I'm not able to turn on logging of allowed connections, I do not have any idea of what's happening and which rule is allowing this traffic.

How can I enable full logging of the firewall to be able to see which rule is used to allow a connection?

Thanks!

 

 


1 hour ago, karsayor said:

My two Domain Controllers are able to browse computers on port 445 (SMB); all other computers and servers are not able to browse the computers.

It must be related to one of the default rules, but I do not know which one

I don't have an Eset Server product installed but I assume the below client firewall rules are still applicable.

The ESET firewall has two default rules with regard to Windows shared files and printers: one for outbound activity and one for inbound activity. Below is the default outbound rule:

[Screenshot: Eset_Shared.png]

This outbound rule is applicable to all Eset firewall profiles.

However, the corresponding inbound default firewall rule only allows inbound network traffic for the Eset Private firewall profile.


  • Solution

Hello

So I could enable logging of allowed traffic as well. But it only worked on the client; allowed logs were not uploaded to ESET Protect Appliance, and I don't know why.

The issue is that somehow the built-in default rules were messed up and the rule "Block incoming NETBIOS requests" was no longer there, replaced by a duplicate of rule 31!

On the left are the built-in rules when creating a new policy; on the right are the built-in rules in the policy that caused issues. So I backed up the custom rules, disabled the "Rules" setting in the policy, saved, and reconfigured. Then it worked correctly.

I don't know what messed up the rules, since you cannot modify them manually.

[Screenshot: 2023-11-30_17-23-10.png]

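The comparison described in the solution above (the built-in rules of a fresh policy against those of the affected policy), as an added example that is not part of the original thread and is not ESET code: it reports a built-in rule that has gone missing and the duplicate sitting in its slot. It assumes the rule names were copied by hand, in order, from the policy editor into two lists; apart from "Block incoming NETBIOS requests", the names are constructed placeholders.

```python
from collections import Counter
from difflib import SequenceMatcher

# Constructed sample data. Only "Block incoming NETBIOS requests" is a rule
# name from the thread; the other names are placeholders, and both lists stand
# for rule names copied by hand, in order, from the policy editor (assumption).
BASELINE = [
    "Placeholder rule A",
    "Placeholder rule B",
    "Block incoming NETBIOS requests",
    "Placeholder rule C",
]
SUSPECT = [
    "Placeholder rule A",
    "Placeholder rule B",
    "Placeholder rule B",  # duplicate where the block rule used to be
    "Placeholder rule C",
]

def clean(name):
    """Collapse whitespace so copy/paste differences do not count as changes."""
    return " ".join(name.split())

def audit_rules(baseline, policy):
    """Diff a policy's built-in rule list against a known-good baseline."""
    base = [clean(r) for r in baseline]
    pol = [clean(r) for r in policy]
    want, have = Counter(base), Counter(pol)
    # Aligned diff: an inserted or removed rule does not shift every later slot.
    changes = [
        (tag, i1 + 1, base[i1:i2], pol[j1:j2])  # i1 + 1: 1-based baseline slot
        for tag, i1, i2, j1, j2 in
        SequenceMatcher(a=base, b=pol, autojunk=False).get_opcodes()
        if tag != "equal"
    ]
    return {
        "missing": sorted(r for r in want if have[r] < want[r]),
        "duplicated": sorted(r for r in have if r in want and have[r] > want[r]),
        "unexpected": sorted(r for r in have if r not in want),
        "changes": changes,
    }

if __name__ == "__main__":
    report = audit_rules(BASELINE, SUSPECT)
    for key in ("missing", "duplicated", "unexpected"):
        print(f"{key}: {report[key]}")
    for tag, slot, expected, found in report["changes"]:
        print(f"slot {slot} ({tag}): expected {expected}, found {found}")
```

A missing block rule combined with a duplicated allow rule is the pattern to look for first, since it widens what the firewall permits without any custom rule having changed.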
