Using DameWare Mini Remote Control with SEP12.1 FW policy

Created: 13 Dec 2012 | 8 comments

G'day, we use SEP12.1 with the FW policy rule enabled to block local file sharing from external computers, ports UDP 137, UDP 138, TCP 139, & TCP 445. I want to create a new rule to allow the traffic from the DameWare APPLICATION (using the executable) only, through the ports, also allowing the DW port. I have created the rule below the BLOCK rule - please see attachment - but it still blocks it. Can you please help?? We have Win7 and Win XP OS versions.

Rafeeq's picture

Move the rule 6 above the blue line

Update the policy and check if that works.

Ajit Jha's picture

Hope the Application name is correct along with the ports. Move the DM Policy on the Top.

Regards

Ajit Jha

Technical Consultant

ASC & STS

Rafeeq's picture

Took this from the Dameware forum:

Spoke to Symantec Tech support. On the Symantec Endpoint Protection Manager we went to "Policies", "Firewall", "Edit", select "Global" or the group you want the policy to be applied to, click "Rules", "Add Blank Rule".

A new row appears, under name replace "Rule0" with Dameware, under "Services" "Add" a service with the TCP protocol selected and local & remote ports set to 6129 and direction set to both.

The tech had us move that rule all the way up in order. After a few minutes the change propagated to the test machines and we were good. We were also able to install the Dameware solution without creating any additional rules for 137, 139 ...

http://forums.dameware.com/viewtopic.php?f=9&t=343

johan.pienaar@riotinto.com's picture

Thanks for the replies - I truly appreciate the assistance.

OK - so firstly - I am unsure if the application executable is correct - I also engaged SolarWinds (Dameware) to assist in that, as I would like to restrict access to the DW app only. Anyway, so I upped the rule to just above the blue line - but it did not work.

I am testing the rule I now modified from Rafeeq's second post from the Dameware forums. I will let you know. Thanks buddies :-)

johan.pienaar@riotinto.com's picture

Nooooooo!!!! Still not working. I have registered at the Dameware site and will also add this thread on their forums. There must be a solution - still maybe using the application exe, and correct ports... sigh**

If I do find a solution I will post it here as well... Thanks everyone. If you have any more ideas please let me know.

I have tried all the file share ports, along with 6129... still nothing... will keep trying.

Rafeeq's picture

Can you post the screenshot of DameWare getting blocked?

johan.pienaar@riotinto.com's picture

My DW rule (configured for all ports as per the "block file sharing..." rule) is right at the top of the list. Now, DW still gives an access denied error; however, the logs on my client display port 547 as being blocked, under the rule "Block all other IP traffic and log"... It is as if it now does not even read my rule right at the top...

DW just has a normal pop-up that says access denied. This is due to the ADMIN$ share being disabled when the file sharing rule is enabled. DW wants to install the agent to the ADMIN$ share.

DWvsSEP12FW.jpg
_Brian's picture

The executable to use is dwrcs.exe

Is this the one you're using?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.
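
Added example, not part of the thread and not Symantec or DameWare code: a simplified first-match model of the rule list discussed above, showing how rule order and the application restriction together decide which rule a given flow hits. The top-to-bottom matching model, the sample flows, the UDP protocol for port 547, and the process names other than dwrcs.exe are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "block"
    services: frozenset = frozenset()  # (proto, local port) pairs; empty = any
    app: Optional[str] = None          # executable name; None = any application

    def matches(self, proto, port, app):
        svc_ok = not self.services or (proto, port) in self.services
        app_ok = self.app is None or self.app == app.lower()
        return svc_ok and app_ok

def evaluate(rules, proto, port, app):
    """First matching rule wins, scanning top to bottom (simplified model)."""
    for rule in rules:
        if rule.matches(proto, port, app):
            return rule.action, rule.name
    return "block", "no rule matched"

SHARE_PORTS = frozenset({("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)})
BLOCK_SHARING = Rule("Block local file sharing", "block", SHARE_PORTS)
# DameWare rule as described in the thread: the DW port plus the share ports,
# restricted to the executable named in the last reply.
ALLOW_DW = Rule("DameWare", "allow", SHARE_PORTS | {("tcp", 6129)}, app="dwrcs.exe")
BLOCK_REST = Rule("Block all other IP traffic and log", "block")

BELOW_BLOCK = [BLOCK_SHARING, ALLOW_DW, BLOCK_REST]  # original placement
AT_TOP = [ALLOW_DW, BLOCK_SHARING, BLOCK_REST]       # after moving the rule up

# Constructed sample flows: (label, proto, local port, owning process).
# The owning process of the ADMIN$ connection is an assumption of this model.
FLOWS = [
    ("DW remote control", "tcp", 6129, "dwrcs.exe"),
    ("share port via dwrcs.exe", "tcp", 445, "dwrcs.exe"),
    ("ADMIN$ agent install", "tcp", 445, "System"),
    ("port 547 from the log", "udp", 547, "svchost.exe"),
]

if __name__ == "__main__":
    for title, rules in (("below block rule", BELOW_BLOCK), ("at top", AT_TOP)):
        print(f"--- DameWare rule {title}")
        for label, proto, port, app in FLOWS:
            action, name = evaluate(rules, proto, port, app)
            print(f"{label:26} {proto}/{port:<5} {app:12} -> {action:5} [{name}]")
```

In this model a share-port flow is allowed by the DameWare rule only when the rule sits above the block rule and the flow belongs to the named executable; anything outside the listed ports falls through to the catch-all rule regardless of order.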