Cannot connect to file or printer shares after installing Symantec Client Firewall 8.x

Article:TECH101242  |  Created: 2005-01-20  |  Updated: 2005-01-08  |  Article URL http://www.symantec.com/docs/TECH101242
Article Type
Technical Solution


Issue



After installing Symantec Client Firewall you experience problems connecting to shares while the firewall is enabled. When you disable the firewall, sharing works normally.


Solution



Symantec Client Firewall default rules that block inbound NetBIOS and Microsoft File and Printer Sharing are turned on when you install the product. To avoid the problem, add the connecting computer to the Trusted Zone if possible or disable the rules that are blocking the communication.

Trusted Zone
To allow another networked computer access to shares on your computer, add the connecting computer to the Symantec Client Firewall Trusted Zone. Computers added to the Trusted Zone are able to gain access to the computer as if Symantec Client Firewall is not enabled.

For additional information, read the document How to add client computers to Trusted Zone.


Disable rules
The following procedure explains how to disable the rules that prevent NetBIOS and File and Printer Sharing.


WARNING: Disabling the File and Printer Sharing and NetBIOS rules on a computer that is directly connected to a hostile network (such as the Internet) may compromise the security of your system. File and Printer Sharing and NetBIOS rules should only be disabled on computers that are already behind a network firewall or Network Address Translation (NAT) device. If you are connected to a hostile network, you can use the Trusted Zone to allow access without having to disable the NetBIOS rules.


To disable rules related to File and Printer Sharing
  1. Open Symantec Client Firewall.
  2. Click Client Firewall > Configure > Advanced > General.
  3. Find the Block Windows File Sharing rule, and uncheck it.
  4. Find the Default Inbound NetBIOS Name rule, and uncheck it.
  5. Find the Default Inbound NetBIOS rule, and uncheck it.
  6. Find the "Default Block Microsoft Windows 2000 SMB" rule, and uncheck it.
  7. Click OK.
    If you close the window instead of clicking OK, your changes will not be saved.

Once you have disabled these four rules, you should be able to use File and Printer Sharing for Microsoft Networks with Symantec Client Firewall enabled.

These instructions are based on the default rules after installing Symantec Client Firewall. If you are using custom rules, then you need to modify the rules to allow traffic on the necessary ports. See References for more information.


References
How to Open Ports in the Windows XP Internet Connection Firewall

Some programs seem to stop working after you install Windows XP Service Pack 2
Port Requirements for the Microsoft Windows Server System

If you are using Symantec Client Firewall 5.x, please read the document Microsoft File and Printer Sharing fails after installing Symantec Client Firewall.
If you are using Symantec Client Firewall 7.x, please read the document Cannot connect to file or printer shares after installing Symantec Client Firewall 7.x.


Technical Information
The following ports need to be open for MS File and Printer Sharing: TCP 139, 445; UDP 137, 138, 445




Legacy ID



2005042014074648


Article URL http://www.symantec.com/docs/TECH101242


Terms of use for this information are found in Legal Notices