Thursday 26 April 2012

Installing Sophos endpoint on Windows 7

Issue installing Sophos on a Windows 7 PC. Made sure the Remote Registry service was running and looked round the Sophos site, but there were so many misleading answers. Finally found this, which mentions file sharing within the Windows Firewall settings:

http://www.reading.ac.uk/internal/its/help/its-help-pcsecurity/its-sophos-troubleshoot.aspx

section: Updating Has Never Worked Since Installing

Slightly different for me, I typed 'firewall' in search/run bar on start menu. Selected 'Windows Firewall', (not advanced security).

On the left, selected 'Allow program or feature through Windows Firewall'

Ticked 'File and printer sharing'
Works now!

P.S
Had another issue after upgrading endpoint to 5.2
Excerpt from: http://downloads.sophos.com/tools/on-line/deployment_guide/en-us/index.html
(on right hand side Enterprise console 5.2)

'Overview of required settings
The table below gives an overview of all the settings required to protect and manage an endpoint computer. If you are familiar with creating and configuring Group Policy Objects (GPOs) you can use the table below to quickly configure your network. If not, follow the detailed instructions below the table.
Requirement: Details

Windows Firewall Rules:
  File and Printer Sharing (SMB-In)
  Remote Scheduled Tasks Management (RPC)
  Sophos Remote Management (TCP 8192 and 8194 Inbound and Outbound)

Services:
  Task Scheduler (Started)
  Windows Installer (not Disabled)'

For me the Windows Installer service needed to be started! It was not disabled, it was just set to manual and in stopped state.
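A local audit of the settings in the excerpt above, added here as an example (it is not Sophos code or part of the deployment guide). It assumes English rule names, the standard service short names `Schedule` and `msiserver`, and checks only the inbound side of ports 8192 and 8194.

```powershell
# Added example: audit the requirements from the table on the local PC.
# Uses only features present in the PowerShell 2.0 that ships with Windows 7.
$fw      = New-Object -ComObject HNetCfg.FwPolicy2
$current = $fw.CurrentProfileTypes          # bitmask: 1 domain, 2 private, 4 public

# Enabled inbound allow rules that apply to the profile currently in effect.
$inbound = @($fw.Rules | Where-Object {
    $_.Enabled -and $_.Direction -eq 1 -and $_.Action -eq 1 -and
    ($_.Profiles -band $current) -ne 0
})

function Test-PortOpen([int]$Port) {
    # True only if an active inbound TCP rule names the port explicitly or in a range.
    foreach ($rule in $inbound) {
        if ($rule.Protocol -ne 6 -or -not $rule.LocalPorts) { continue }
        foreach ($item in $rule.LocalPorts -split ',') {
            $lo, $hi = $item.Trim() -split '-'
            if (-not $hi) { $hi = $lo }
            if ($lo -match '^\d+$' -and $hi -match '^\d+$' -and $Port -ge [int]$lo -and $Port -le [int]$hi) { return $true }
        }
    }
    return $false
}

$report = @()
foreach ($name in 'File and Printer Sharing (SMB-In)', 'Remote Scheduled Tasks Management (RPC)') {
    $ok = @($inbound | Where-Object { $_.Name -eq $name }).Count -gt 0
    $report += New-Object PSObject -Property @{ Check = "Firewall rule: $name"; OK = $ok; Detail = '' }
}
foreach ($port in 8192, 8194) {
    $report += New-Object PSObject -Property @{ Check = "Inbound TCP $port"; OK = (Test-PortOpen $port); Detail = 'Sophos Remote Management' }
}
foreach ($svc in 'Schedule', 'msiserver') {
    $s = Get-WmiObject Win32_Service -Filter "Name='$svc'"
    # Task Scheduler must be started; Windows Installer must not be Disabled.
    $ok = if ($svc -eq 'Schedule') { $s.State -eq 'Running' } else { $s.StartMode -ne 'Disabled' }
    $report += New-Object PSObject -Property @{ Check = "Service: $($s.DisplayName)"; OK = $ok; Detail = "$($s.StartMode), $($s.State)" }
}
$report | Format-Table Check, OK, Detail -AutoSize
```

The Detail column is worth reading even when OK is True: a Windows Installer line showing `Manual, Stopped` passes the table's "not Disabled" requirement and is the state described in the note above.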

Tuesday 3 April 2012

IIS 7 FTP firewall woes sorted

Note:- First I was following this:
http://learn.iis.net/page.aspx/301/creating-a-new-ftp-site-in-iis-7/

which is similar, if not the same, to the preceding chapters of the article linked below.

But I did find there was an issue, and it was helpful to use this info: http://forums.iis.net/t/1161450.aspx
[quote]D'oh. Instead of setting up a binding to 127.0.0.1 I set up a binding to ::1 and it immediately started working. In the tutorial 127.0.0.1 seemed to work, so I'm not sure whether the tutorial is wrong or it's just a simple setting somewhere. Anyways it's working fine now.[/quote]

'All Unassigned' worked also for me   

Bindings found by right-clicking the FTP site -> Edit Bindings

anyway... back to it...
     

Using Windows Firewall with non-secure FTP traffic

From Article:
http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings-in-iis-7/


To configure Windows Firewall to allow non-secure FTP traffic, use the following steps:

  1. Open a command prompt: click Start, then All Programs, then Accessories, then Command Prompt.
  2. To open port 21 on the firewall, type the following syntax then hit enter:
    netsh advfirewall firewall add rule name="FTP (non-SSL)" action=allow protocol=TCP dir=in localport=21
  3. To enable stateful FTP filtering that will dynamically open ports for data connections, type the following syntax then hit enter:
    netsh advfirewall set global StatefulFtp enable

Important Notes:

  • Active FTP connections would not necessarily be covered by the above rules; an outbound connection from port 20 would also need to be enabled on the server. In addition, the FTP client machine would need to have its own firewall exceptions set up for inbound traffic.
  • FTP over SSL (FTPS) will not be covered by these rules; the SSL negotiation will most likely fail because the Windows Firewall filter for stateful FTP inspection will not be able to parse encrypted data. (Some 3rd-party firewall filters recognize the beginning of SSL negotiation, e.g. AUTH SSL or AUTH TLS commands, and return an error to prevent SSL negotiation from starting.)

Using Windows Firewall with secure FTP over SSL (FTPS) traffic


The stateful FTP packet inspection in Windows Firewall will most likely prevent SSL from working because the Windows Firewall filter for stateful FTP inspection will not be able to parse the encrypted traffic that would establish the data connection. Because of this behavior, you will need to configure your Windows Firewall settings for FTP differently if you intend to use FTP over SSL (FTPS). The easiest way to configure Windows Firewall to allow FTPS traffic is to list the FTP service on the inbound exception list. The full service name is the "Microsoft FTP Service", and the short service name is "ftpsvc". (The FTP service is hosted in a generic service process host (Svchost.exe), so it is not possible to put it on the exception list through a program exception.)

To configure Windows Firewall to allow secure FTP over SSL (FTPS) traffic, use the following steps:

  1. Open a command prompt: click Start, then All Programs, then Accessories, then Command Prompt.
  2. To configure the firewall to allow the FTP service to listen on all ports that it opens, type the following syntax then hit enter:
    netsh advfirewall firewall add rule name="FTP for IIS7" service=ftpsvc action=allow protocol=TCP dir=in
  3. To disable stateful FTP filtering so that Windows Firewall will not block FTP traffic, type the following syntax then hit enter:
    netsh advfirewall set global StatefulFtp disable
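
The two procedures above set the same global StatefulFtp switch in opposite directions, so it is easy to end up with a rule from one and the switch from the other. The check below is an added example, not part of the IIS article; it assumes English `netsh` output in which the `StatefulFTP` line reads `Enable` or `Disable`.

```powershell
# Added example: report which of the two FTP firewall setups is in effect
# and flag combinations where the rule and the StatefulFtp switch disagree.
$fw    = New-Object -ComObject HNetCfg.FwPolicy2
$rules = @($fw.Rules | Where-Object {
    $_.Enabled -and $_.Direction -eq 1 -and $_.Action -eq 1 -and $_.Protocol -eq 6
})

# Step 2 of the non-secure procedure: an inbound TCP rule for local port 21.
$port21  = @($rules | Where-Object { $_.LocalPorts -and (($_.LocalPorts -split ',') -contains '21') })
# Step 2 of the FTPS procedure: an inbound TCP rule scoped to the ftpsvc service.
$service = @($rules | Where-Object { $_.ServiceName -eq 'ftpsvc' })

# Step 3 of either procedure: read the global switch back from netsh.
$stateful = 'unknown'
foreach ($line in (netsh advfirewall show global)) {
    if ($line -match '^\s*StatefulFTP\s+(\S+)') { $stateful = $matches[1] }
}

$findings = @()
if ($port21.Count -gt 0 -and $service.Count -eq 0 -and $stateful -notmatch '^Enable') {
    $findings += 'Port 21 is open but StatefulFtp is not enabled: data connection ports will not be opened dynamically.'
}
if ($service.Count -gt 0 -and $stateful -match '^Enable') {
    $findings += 'An ftpsvc rule exists but StatefulFtp is still enabled: the inspection filter cannot parse FTPS traffic.'
}
if ($port21.Count -eq 0 -and $service.Count -eq 0) {
    $findings += 'No enabled inbound rule for TCP 21 or for the ftpsvc service was found.'
}

"Port 21 rules: $($port21.Count)   ftpsvc rules: $($service.Count)   StatefulFtp: $stateful"
if ($findings.Count -eq 0) { 'Rule and StatefulFtp setting are consistent.' } else { $findings }
```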