Windows XP with SP2 provides the following tools for troubleshooting Windows Firewall issues:
Netsh firewall show commands
Audit logging
Windows Firewall logging file
The Services snap-in
The Event Viewer snap-in
The Netstat tool
Netsh Firewall Show Commands
To obtain information when troubleshooting Windows Firewall, use the following netsh commands:
netsh firewall show state verbose=enable
This command displays the actual state of Windows Firewall for the current set of settings, as configured by the combination of local Windows Firewall settings and Group Policy-based Windows Firewall settings, and the current set of open ports.
netsh firewall show config verbose=enable
This command displays only the locally configured Windows Firewall settings. Unlike the netsh firewall show state verbose=enable command, it shows what is configured locally rather than the current state of Windows Firewall. Use this command to compare what is configured locally with the actual state of Windows Firewall and so determine which Windows Firewall settings have been changed by Group Policy.
The following is an example of the netsh firewall show state verbose=enable command:
Firewall status:
-------------------------------------------------------------------
Profile = Standard
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = None
Remote admin mode = Disable
Scope: *
Local exceptions allowed by group policy:
-------------------------------------------------------------------
Open ports = Enable
Allowed programs = Enable
Log settings:
-------------------------------------------------------------------
File location = F:\XP_PRO\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
Service settings:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Scope: LocalSubNet
Disable No UPnP Framework
Scope: *
Disable No Remote Desktop
Scope: *
Program exceptions:
Mode Local policy Name / Program
-------------------------------------------------------------------
Enable Yes Remote Assistance / F:\XP_PRO\system32\sessmgr.exe
Scope: *
Port exceptions:
Port Protocol Local policy Mode Name / Service type
-------------------------------------------------------------------
137 UDP Yes Enable NetBIOS Name Service / File and Printer
Sharing
Scope: LocalSubNet
138 UDP Yes Enable NetBIOS Datagram Service / File and Prin
ter Sharing
Scope: LocalSubNet
139 TCP Yes Enable NetBIOS Session Service / File and Print
er Sharing
Scope: LocalSubNet
445 TCP Yes Enable SMB over TCP / File and Printer Sharing
Scope: LocalSubNet
1900 UDP Yes Disable SSDP Component of UPnP Framework / UPnP
Framework
Scope: LocalSubNet
2869 TCP Yes Disable UPnP Framework over TCP / UPnP Framework
Scope: LocalSubNet
3389 TCP Yes Disable Remote Desktop / Remote Desktop
Scope: *
Ports on which programs want to receive incoming connections:
Port Protocol Version PID Type Wildcarded Forced Name / Program
-------------------------------------------------------------------
500 UDP IPv4 688 App No No (null) / F:\XP_PRO
\system32\lsass.exe
Scope: *
4500 UDP IPv4 688 App No No (null) / F:\XP_PRO
\system32\lsass.exe
Scope: *
123 UDP IPv4 980 App No No (null) / F:\XP_PRO
\system32\svchost.exe
Scope: *
123 UDP IPv4 980 App No No (null) / F:\XP_PRO
\system32\svchost.exe
Scope: *
1900 UDP IPv4 1144 App No No (null) / F:\XP_PRO
\system32\svchost.exe
Scope: *
1900 UDP IPv4 1144 App No No (null) / F:\XP_PRO
\system32\svchost.exe
Scope: *
68 UDP IPv4 980 App No No (null) / F:\XP_PRO
\system32\svchost.exe
Scope: *
Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
137 UDP IPv4 (null)
Scope: LocalSubNet
139 TCP IPv4 (null)
Scope: LocalSubNet
138 UDP IPv4 (null)
Scope: LocalSubNet
445 TCP IPv4 (null)
Scope: LocalSubNet
ICMP settings for all network interfaces:
Mode Type Description
-------------------------------------------------------------------
Disable 2 Allow outbound packet too big
Disable 3 Allow outbound destination unreachable
Disable 4 Allow outbound source quench
Disable 5 Allow redirect
Enable 8 Allow inbound echo request
Disable 9 Allow inbound router request
Disable 11 Allow outbound time exceeded
Disable 12 Allow outbound parameter problem
Disable 13 Allow inbound timestamp request
Disable 17 Allow inbound mask request
Additional ICMP settings on Local Area Connection:
Mode Type Description
-------------------------------------------------------------------
Disable 2 Allow outbound packet too big
Disable 3 Allow outbound destination unreachable
Disable 4 Allow outbound source quench
Disable 5 Allow redirect
Disable 8 Allow inbound echo request
Disable 9 Allow inbound router request
Disable 11 Allow outbound time exceeded
Disable 12 Allow outbound parameter problem
Disable 13 Allow inbound timestamp request
Disable 17 Allow inbound mask request
Additional ICMP settings on Wireless Network Connection:
Mode Type Description
-------------------------------------------------------------------
Disable 2 Allow outbound packet too big
Disable 3 Allow outbound destination unreachable
Disable 4 Allow outbound source quench
Disable 5 Allow redirect
Disable 8 Allow inbound echo request
Disable 9 Allow inbound router request
Disable 11 Allow outbound time exceeded
Disable 12 Allow outbound parameter problem
Disable 13 Allow inbound timestamp request
Disable 17 Allow inbound mask request
Local Area Connection firewall settings:
-------------------------------------------------------------------
Operational mode = Enable
Version = IPv4
GUID = {4C6BDC23-E2CC-4EC3-AF98-2414B6B8DF24}
Wireless Network Connection firewall settings:
-------------------------------------------------------------------
Operational mode = Enable
Version = IPv4
GUID = {04D0C6EE-DB7B-40A1-A4F9-3BA2E03B3053}
The following is an example of the netsh firewall show config verbose=enable command:
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Scope: *
Disable No UPnP Framework
Scope: LocalSubNet
Disable No Remote Desktop
Scope: *
Disable No Remote Administration
Scope: *
Allowed programs configuration for Domain profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / F:\XP_PRO\system32\sessmgr.exe
Scope: *
Port configuration for Domain profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Enable NetBIOS Session Service
Scope: *
445 TCP Enable SMB over TCP
Scope: *
137 UDP Enable NetBIOS Name Service
Scope: *
138 UDP Enable NetBIOS Datagram Service
Scope: *
1900 UDP Disable SSDP Component of UPnP Framework
Scope: LocalSubNet
2869 TCP Disable UPnP Framework over TCP
Scope: LocalSubNet
3389 TCP Disable Remote Desktop
Scope: *
ICMP configuration for Domain profile:
Mode Type Description
-------------------------------------------------------------------
Disable 2 Allow outbound packet too big
Disable 3 Allow outbound destination unreachable
Disable 4 Allow outbound source quench
Disable 5 Allow redirect
Disable 8 Allow inbound echo request
Disable 9 Allow inbound router request
Disable 11 Allow outbound time exceeded
Disable 12 Allow outbound parameter problem
Disable 13 Allow inbound timestamp request
Disable 17 Allow inbound mask request
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Scope: LocalSubNet
Disable No UPnP Framework
Scope: LocalSubNet
Disable No Remote Desktop
Scope: *
Disable No Remote Administration
Scope: *
Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / F:\XP_PRO\system32\sessmgr.exe
Scope: *
Port configuration for Standard profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Enable NetBIOS Session Service
Scope: LocalSubNet
445 TCP Enable SMB over TCP
Scope: LocalSubNet
137 UDP Enable NetBIOS Name Service
Scope: LocalSubNet
138 UDP Enable NetBIOS Datagram Service
Scope: LocalSubNet
1900 UDP Disable SSDP Component of UPnP Framework
Scope: LocalSubNet
2869 TCP Disable UPnP Framework over TCP
Scope: LocalSubNet
3389 TCP Disable Remote Desktop
Scope: *
ICMP configuration for Standard profile:
Mode Type Description
-------------------------------------------------------------------
Disable 2 Allow outbound packet too big
Disable 3 Allow outbound destination unreachable
Disable 4 Allow outbound source quench
Disable 5 Allow redirect
Disable 8 Allow inbound echo request
Disable 9 Allow inbound router request
Disable 11 Allow outbound time exceeded
Disable 12 Allow outbound parameter problem
Disable 13 Allow inbound timestamp request
Disable 17 Allow inbound mask request
Log configuration:
-------------------------------------------------------------------
File location = F:\XP_PRO\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode = Enable
Port configuration for Local Area Connection:
Port Protocol Mode Name
-------------------------------------------------------------------
23 TCP Disable Telnet Server
3389 TCP Disable Remote Desktop
21 TCP Disable FTP Server
110 TCP Disable Post-Office Protocol Version 3 (POP3)
25 TCP Disable Internet Mail Server (SMTP)
143 TCP Disable Internet Mail Access Protocol Version 4 (IMAP4)
80 TCP Disable Web Server (HTTP)
220 TCP Disable Internet Mail Access Protocol Version 3 (IMAP3)
443 TCP Disable Secure Web Server (HTTPS)
ICMP configuration for Local Area Connection:
Mode Type Description
-------------------------------------------------------------------
Disable 3 Allow outbound destination unreachable
Disable 4 Allow outbound source quench
Disable 5 Allow redirect
Disable 8 Allow inbound echo request
Disable 9 Allow inbound router request
Disable 11 Allow outbound time exceeded
Disable 12 Allow outbound parameter problem
Disable 13 Allow inbound timestamp request
Disable 17 Allow inbound mask request
Local Area Connection 2 firewall configuration:
-------------------------------------------------------------------
Operational mode = Enable
Port configuration for Local Area Connection 2:
Port Protocol Mode Name
-------------------------------------------------------------------
21 TCP Disable FTP Server
25 TCP Disable Internet Mail Server (SMTP)
3389 TCP Disable Remote Desktop
443 TCP Disable Secure Web Server (HTTPS)
143 TCP Disable Internet Mail Access Protocol Version 4 (IMAP4)
23 TCP Disable Telnet Server
220 TCP Disable Internet Mail Access Protocol Version 3 (IMAP3)
110 TCP Disable Post-Office Protocol Version 3 (POP3)
80 TCP Disable Web Server (HTTP)
ICMP configuration for Local Area Connection 2:
Mode Type Description
-------------------------------------------------------------------
Disable 3 Allow outbound destination unreachable
Disable 4 Allow outbound source quench
Disable 5 Allow redirect
Disable 8 Allow inbound echo request
Disable 9 Allow inbound router request
Disable 11 Allow outbound time exceeded
Disable 12 Allow outbound parameter problem
Disable 13 Allow inbound timestamp request
Disable 17 Allow inbound mask request
Wireless Network Connection firewall configuration:
-------------------------------------------------------------------
Operational mode = Enable
Port configuration for Wireless Network Connection:
Port Protocol Mode Name
-------------------------------------------------------------------
220 TCP Disable Internet Mail Access Protocol Version 3 (IMAP3)
23 TCP Disable Telnet Server
25 TCP Disable Internet Mail Server (SMTP)
443 TCP Disable Secure Web Server (HTTPS)
3389 TCP Disable Remote Desktop
110 TCP Disable Post-Office Protocol Version 3 (POP3)
143 TCP Disable Internet Mail Access Protocol Version 4 (IMAP4)
21 TCP Disable FTP Server
80 TCP Disable Web Server (HTTP)
ICMP configuration for Wireless Network Connection:
Mode Type Description
-------------------------------------------------------------------
Disable 3 Allow outbound destination unreachable
Disable 4 Allow outbound source quench
Disable 5 Allow redirect
Disable 8 Allow inbound echo request
Disable 9 Allow inbound router request
Disable 11 Allow outbound time exceeded
Disable 12 Allow outbound parameter problem
Disable 13 Allow inbound timestamp request
Disable 17 Allow inbound mask request
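The comparison described earlier, between the local settings from netsh firewall show config and the actual state from netsh firewall show state, can be scripted. The following Python is an added example, not part of the original page or a Microsoft tool: it parses the port tables of both outputs and lists the ports whose mode or scope differs. The sample text is constructed, and the function names and the choice to compare the "Port exceptions" table against the current profile's port table are assumptions.

```python
import re
# Constructed sample text in the layout of the two netsh outputs on this page.
CONFIG = """Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
445    TCP       Enable   SMB over TCP
    Scope: LocalSubNet
3389   TCP       Disable  Remote Desktop
    Scope: *
"""
STATE = """Port exceptions:
Port   Protocol  Local policy  Mode     Name / Service type
-------------------------------------------------------------------
445    TCP       Yes           Enable   SMB over TCP / File and Printer
Sharing
    Scope: *
3389   TCP       Yes           Enable   Remote Desktop / Remote Desktop
    Scope: *
Ports on which programs want to receive incoming connections:
"""
# A port row: port, protocol, optional "Local policy" column, then the mode.
ROW = re.compile(r"^(\d+)\s+(TCP|UDP)\s+(?:(?:Yes|No)\s+)?(Enable|Disable)\b")
SCOPE = re.compile(r"^Scope:\s*(\S+)")

def parse_ports(text, header):
    """Return {(port, protocol): (mode, scope)} for the table under header.
    Dashes, column headers and wrapped name text are skipped."""
    ports, key, in_table = {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if not in_table:
            in_table = line == header
            continue
        row, scope = ROW.match(line), SCOPE.match(line)
        if row:
            key = (int(row.group(1)), row.group(2))
            ports[key] = (row.group(3), None)
        elif scope and key:
            ports[key] = (ports[key][0], scope.group(1))
        elif line.endswith(":"):
            break  # the next section header ends this table
    return ports

def policy_drift(config_text, state_text, profile="Standard"):
    local = parse_ports(config_text, f"Port configuration for {profile} profile:")
    actual = parse_ports(state_text, "Port exceptions:")
    keys = sorted(set(local) | set(actual))
    # Keep only ports whose effective (mode, scope) differs from the local one.
    return {k: (local.get(k), actual.get(k)) for k in keys if local.get(k) != actual.get(k)}

if __name__ == "__main__":
    print(policy_drift(CONFIG, STATE))
```

Each reported entry pairs the local (mode, scope) with the effective one; a port that is enabled or widened to Scope: * only in the effective state is the first thing to check against Group Policy.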