Endpoint Protection

  • 1.  SEP port blocking

    Posted Jun 25, 2010 06:02 PM
    Hey all.

    Have a bit of an issue here.

    I have a clientless VPN running that allows me to log into Novell when connected.  I have everything running correctly but I still get ports that are allowing connection from outside on to the system.  Firewall rules are here:

    1: Block Ports    App: Any  Host: Any  Time: Any  Service: TCP: 139, 445, 3017, 1761 / UDP: 137, 138
    2: Allow Novell   App: Any  Host: Local / Remote: 127.0.0.1 / Internal Private IP scope  Service: Ethernet
    3: Block Ping
    4: Allow All: IP Outbound
    5: Block All: IP Inbound


    The problem I have is that every time I scan the system the same 5 ports show up:
    135, 139, 445, 427, 1761

    I know that 1761 is used for ZENworks Remote Management,
    and 135, 139, and 445 are for File and Print Sharing and SMB; 427 is Novell.

    I am most worried about 135, 139, and 445, as I can map to the root drive of the machine from outside.

    How do I stop them from showing up and allowing mapping in an nmap scan?

    Thanks
    Dan


  • 2.  RE: SEP port blocking
    Best Answer

    Posted Jun 28, 2010 09:46 AM
    In case anyone wants to know, I have found an easy way to not only get in with a clientless VPN, but also stealth my system so no one on the outside can see it, while still allowing Novell login and network mapping.

    Side note: After fighting with this for a while now, I started at square one and created a firewall with no rules (for information purposes, the firewall in SEP allows NO traffic when there are no rules in place).

    It takes 3 rules:

    1: Block ports showing in scan
    2: Block Ping response
    3: Allow All

    As of now I can:

    Connect via Clientless Split DNS Citrix SSL VPN,
    Connect my Novell drives and log in to Novell,
    Run my GroupWise from the local desktop, connected to the server,
    Browse the internet and network shares.

    The system is not seen, will not answer ping, and is totally invisible to the internet.

    Thanks
    Dan
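
The answer above comes down to rule order: the two block rules sit above the allow rule, so the scanned ports never reach "Allow All". The Python model below is an added example, not code from the thread or from Symantec Endpoint Protection. It walks an ordered rule list with first-match semantics (an assumption about how SEP's firewall evaluates its table), treats the block rules as inbound-only (also an assumption; the posts do not state a direction), and uses constructed packets and addresses. It shows that the three-rule set blocks the ports seen in the scan while outbound drive mapping still passes, that the same rules with "Allow All" on top would expose everything, and that an empty table passes nothing, matching the poster's side note.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed model of an ordered, first-match firewall rule table.
# That SEP evaluates rules top-down with the first match deciding is an
# assumption for this example; the thread only lists the rules in order.


@dataclass(frozen=True)
class Packet:
    direction: str                    # "in" (arriving at this host) or "out"
    proto: str                        # "tcp", "udp" or "icmp"
    remote: str                       # the remote host's IP address
    local_port: Optional[int] = None  # local port targeted by an inbound packet


@dataclass
class Rule:
    name: str
    action: str                                # "allow" or "block"
    direction: str = "any"                     # "in", "out" or "any"
    protos: frozenset = frozenset()            # empty = any protocol
    ports: dict = field(default_factory=dict)  # {"tcp": {139, 445}}; empty = any service
    remote_nets: tuple = ()                    # remote-host scope; empty = any host

    def matches(self, pkt: Packet) -> bool:
        if self.direction != "any" and pkt.direction != self.direction:
            return False
        if self.protos and pkt.proto not in self.protos:
            return False
        # A service rule matches only the listed protocol/port pairs; ICMP has
        # no port, so a "TCP/UDP ports" rule never matches a ping.
        if self.ports and pkt.local_port not in self.ports.get(pkt.proto, set()):
            return False
        if self.remote_nets and not any(
            ip_address(pkt.remote) in ip_network(net) for net in self.remote_nets
        ):
            return False
        return True


def evaluate(rules, pkt: Packet, default: str = "block"):
    """Return (action, deciding rule name) for the first rule that matches.
    The default of "block" mirrors the poster's note that SEP passes no
    traffic when the rule table is empty."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "<no rule matched>"


# The ports the poster saw in the scan (TCP and UDP as in the original rule 1).
SCAN_PORTS = {"tcp": {135, 139, 445, 427, 1761}, "udp": {137, 138}}

# The three-rule table from the accepted answer, in the order given.
ANSWER_RULES = [
    Rule("Block ports showing in scan", "block", "in", ports=SCAN_PORTS),
    Rule("Block ping response", "block", "in", protos=frozenset({"icmp"})),
    Rule("Allow all", "allow"),
]

# Constructed traffic: an outside scanner probing, plus the host mapping a
# drive to an internal server (private address chosen for illustration).
SAMPLE_PACKETS = [
    Packet("in", "tcp", "203.0.113.5", 445),
    Packet("in", "udp", "203.0.113.5", 137),
    Packet("in", "icmp", "203.0.113.5"),
    Packet("in", "tcp", "203.0.113.5", 80),
    Packet("out", "tcp", "10.0.0.5", 445),
]


def audit(rules, packets):
    """Evaluate every packet and report which rule decided it."""
    return [(pkt, *evaluate(rules, pkt)) for pkt in packets]


if __name__ == "__main__":
    tables = (("answer order", ANSWER_RULES),
              ("allow-all on top", list(reversed(ANSWER_RULES))))
    for label, rules in tables:
        print(f"== {label}")
        for pkt, action, rule in audit(rules, SAMPLE_PACKETS):
            port = pkt.local_port if pkt.local_port is not None else "-"
            print(f"{pkt.direction:3} {pkt.proto:4} {str(port):5} -> {action:5} by {rule}")
```

Running the script prints the decision and the deciding rule for each sample packet under both orderings; in the reversed table every packet, including inbound SMB and ping, is decided by "Allow all", which is the misordering to check for when a scan still shows the ports.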