Jump to content

Firewall log allowed connections


karsayor
Go to solution Solved by karsayor,

Recommended Posts

I have an issue with the endpoint firewall  that is allowing a connection that should not be allowed.

My two Domain Controllers are able to browse computers on port 445 (SMB), all others computers and servers are not able to browse the computers.

It must be related to one of the default rule, but I do not know which one since I'm not able to turn on logging of allowed connections, I do not have any idea of what's happening and which rule is allowing this trafic.

How can I enable a full logging of the firewall to be able to see which rule is used to allow a connection ?

Thanks !

 

 

Link to comment
Share on other sites

1 hour ago, karsayor said:

My two Domain Controllers are able to browse computers on port 445 (SMB), all others computers and servers are not able to browse the computers.

It must be related to one of the default rule, but I do not know which one

I don't have an Eset Server product installed but I assume the below client firewall rules are still applicable.

Eset firewall has two default rules in regards Win shared file and printers; one for outbound activity and one for inbound activity. Below is the default outbound rule;

Eset_Shared.png.2fd264f7381a60ec73d8ea50b92fdbf2.png

This outbound rule is applicable to all Eset firewall profiles.

However, the corresponding inbound default firewall rule only allows inbound network traffic for the Eset Private firewall profile.

Link to comment
Share on other sites

  • Solution

Hello

So I could enable logging of allowed traffic as well. But it only worked on the client, allowed logs were not uploaded to ESET Protect Appliance, I don't know why.

The issue is that somehow, the built-in default rules were messed up and the rule "Block incoming NETBIOS requests" was no longer there, replaced by a duplicate of rule 31 !

Left is the built-in rules when creating a new Policy, right was the built-in rules in the policy that caused issues. So I backed up custom rules, disabled the "Rules" setting in the policy, saved, and reconfigured. Then it worked correctly.

I don't know what messed up the rules, since you cannot modify them manually.

2023-11-30_17-23-10.png

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...