Loading Profile...
Two Questions / Problems with Sunbelt Firewall
Two questions:
1. I am having a problem accessing administrative shares (e.g., \\my-computer\c$) on my Vista box (running Sunbelt Firewall) from Windows XP clients. If I disable the firewall on Vista, it works. Interestingly, if I then re-enable the firewall it continues to work until I reboot. Is there a setting that I can change to make it work without having to first disable the firewall? To try and diagnose, I looked in the "Logs & Alerts", and the NIPS log has a number of "ICMP L3retriever Ping" messages that were denied from the machine in question. That's likely the culprit, but I don't know what to do to allow these to process. I tried disabling the "predefined network security" but that didn't help, and I really don't want to disable that anyway. A little help would be much appreciated. (BTW, I had to add a key to the registry (LocalAccountTokenFilterPolicy) to enable admin shares over my network.)
2. Is there a way to disable the countdown to deny feature? I frequently am multitasking and have an install going on one computer while I'm doing something else on another. If I am distracted for a few seconds I could miss an important prompt. Sometimes it also takes me some time to research what the heck is trying to run something or access the Internet. 20 seconds just isn't long enough. I'd rather it just sat there and waited for me to answer. A beep when a Firewall prompt is displayed would be a nice feature, and even a reminder beep after a couple of minutes would be welcome, but just denying the action after 20 seconds is intolerable.
BTW, I love the Kerio / Sunbelt Firewall and have been a long term user. I hope that I can get this working acceptably under Vista so that I don’t have to learn something else.
1. I am having a problem accessing administrative shares (e.g., \\my-computer\c$) on my Vista box (running Sunbelt Firewall) from Windows XP clients. If I disable the firewall on Vista, it works. Interestingly, if I then re-enable the firewall it continues to work until I reboot. Is there a setting that I can change to make it work without having to first disable the firewall? To try and diagnose, I looked in the "Logs & Alerts", and the NIPS log has a number of "ICMP L3retriever Ping" messages that were denied from the machine in question. That's likely the culprit, but I don't know what to do to allow these to process. I tried disabling the "predefined network security" but that didn't help, and I really don't want to disable that anyway. A little help would be much appreciated. (BTW, I had to add a key to the registry (LocalAccountTokenFilterPolicy) to enable admin shares over my network.)
2. Is there a way to disable the countdown to deny feature? I frequently am multitasking and have an install going on one computer while I'm doing something else on another. If I am distracted for a few seconds I could miss an important prompt. Sometimes it also takes me some time to research what the heck is trying to run something or access the Internet. 20 seconds just isn't long enough. I'd rather it just sat there and waited for me to answer. A beep when a Firewall prompt is displayed would be a nice feature, and even a reminder beep after a couple of minutes would be welcome, but just denying the action after 20 seconds is intolerable.
BTW, I love the Kerio / Sunbelt Firewall and have been a long term user. I hope that I can get this working acceptably under Vista so that I don’t have to learn something else.
1
person has this question
I have this question, too!
Tell me when someone answers.
The more people who ask this question, the more it gets noticed.
The more people who ask this question, the more it gets noticed.
Create a customer community for your own organization
Plans starting at $19/month
-
Inappropriate?Thank you for your post! Lets check these settings one at a time.
Under Network Security, Under Applications, make sure you have Any Other Applications set to ask for both Trusted and Internet in, and permit for both Trusted and Internet out.
Also under Network security, under applications, make sure Windows File and Printer Sharing Trustin In and Trusted Out are set to Permit.
Under Predefined, do you have Other ICMP packets set to permit for trusted and Internet? How about Broadcast under that section too? Those need to be set to permit. Under the trusted area tab, make sure you have a check mark in all of the available options. Under Advanced tab, make sure you have Gateway Mode enabled.
Question 2: The timer is currently by design and can not be changed but I will forward these suggestions to be considered in future builds. Thank you for posting, please let us know if you need any further assistance.2 Comments
Add a comment
This answers the question
-
Thanks for the quick reply!!! Here are answers to your questions.
1. Under Network Security, Applications, the setting for "Any Other Application" is "ask" across the board. I don't think that is a problem. I am in the learn mode.
File and Printer sharing is set to Permit on Trusted.
Under predefined, ICMP is deny for trusted and Internet. I compared the settings with the older Kerio filewall on my XP machine, and they are the same. Is it even possible to change these predefined settings? I tried disabling and it didn't have any effect.
Broadway is allowed across the board.
Gateway mode is enabled.
So the problem remains. Interestingly, if I disable the firewall and immediately reenable it, the problem goes away. One way or another, this is a bug.
2. I installed version 4.6.1861 and I think was not getting the deny countdown. It almost immediately asked me to update, which I did. Is the deny countdown new functionality that could be disabled by going back to the prior version? -
Okay, I dd some more playing. I tried to uninstall and reinstall, but this time it did not say there was an update. I also set up a non-administrative share and STILL had the same issue of being unable to access the share from my XP box. I went to the Intrusions tab, and clicked the "Advanced" button in the top (NIPS) section. I then did a "Permit" on medium priority intrusions. After that, shares work. On the first attempt I got the popup asking if I would allow the incoming File / Print sharing request from my XP computer.
How bad am I sacrificing security by doing this? I live behind a router, so am pretty well protected from Internet intrusions.
I am really hoping for an option to disable the countdown to deny. I looked away for a second while doing a major install today and hit the permit with 3 seconds remaining on the countdown to allow it to launch an application. No idea what nasty state I might have been left it if this had been denied!
Thanks again for your help. Please let me know.. -
Inappropriate?Bjp, Setting the medium to allowed does mean it allows more connections in. I would like to get some log information from you to help me find out which of those NIPS rules is causing the problem, and then we can have you disable it. Please email us at support@sunbeltsoftware.com and we will send you instructions on how to get the information we need.
