Windows XP Service Pack 2 (SP2) includes Microsoft Windows Firewall, previously known as Internet Connection Firewall. If it is blocking a port that is used by a service or a program, you can configure Windows Firewall to create an exception. The Windows Firewall Security Alert tells you when Windows Firewall is blocking a specific program. When this happens, you can unblock the program by selecting “Unblock” in the Security Alert dialog box. With the Windows Firewall Netsh Helper you can configure Windows Firewall from the command prompt. At times, Group Policy settings can also prevent programs from executing. Windows XP SP2 includes several tools that can be used to troubleshoot Windows Firewall issues.
Using Security Alert for Configuring Windows Firewall Security
Whenever Windows Firewall blocks a program, it displays an alert box on the desktop. This box has options to Keep Blocking the program or to Unblock it. Select Unblock to add the exception.
Configuring Windows Firewall by using the Windows Security Center
Adding a program to the exceptions list lets the firewall open ranges of ports that could change every time the program is run. To add an exception, follow these steps:
1. Log in as Administrator.
2. Click Start -> Run, type wscui.cpl, and click OK.
3. Windows Security Center will open. Click Windows Firewall.
4. Click the Exceptions tab, and click Add Program.
5. A list of programs will appear. Click the name of the program that you want to add, and click OK. If the name of your program is not listed, click Browse to locate the program.
6. Click OK on all the open windows to make the changes permanent.
Identify the failure symptoms
Failures because of the default firewall settings will show up in two ways:
1. Client applications might not be able to communicate with the server.
2. Server programs that are running on Windows XP-based computers might not respond properly to client requests.
How to Add a Port exception
If the firewall issue is not resolved by adding the program to the exceptions list, you can try adding the ports manually to the port exception list. Before you can do this, you need to know the port number being used by the program. You can use the Netstat.exe tool to identify the ports being used.
1. Start the application which is being blocked and access the network features of that program so that it tries to cross the Firewall.
2. Open the Command Prompt and type netstat -ano > netstat.txt
This command creates a log file that lists all the ports being used by various applications.
3. Execute the command tasklist > tasklist.txt
If the program runs as a service, execute the following command: tasklist /svc > tasklist.txt
4. Open the tasklist.txt file and locate the program which has to be allowed. Note down the process identifier of that program and then open the netstat.txt file.
5. Look for the process ID in the last column of the netstat.txt file and note down the port number.
6. To add this port to the exception list open the Windows Firewall and click the Exceptions tab.
7. Click the Add Port button and enter the port number there.
8. Click on OK to make the changes permanent.
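The PID-to-port lookup in steps 4 and 5 can be scripted. The Python sketch below is an added example, not part of the original article; the sample tasklist.txt and netstat.txt contents and the program name ftpserver.exe are constructed. It assumes that only listening TCP ports and bound UDP ports are candidates for a port exception, so it skips the local ports of established outbound connections.

```python
import re

# Constructed sample of "tasklist > tasklist.txt" output (not from a real host).
TASKLIST_TXT = """
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
System                         4 Console                 0        236 K
svchost.exe                  952 Console                 0      4,012 K
ftpserver.exe               1820 Console                 0      6,540 K
"""

# Constructed sample of "netstat -ano > netstat.txt" output.
NETSTAT_TXT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1820
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     1820
  UDP    0.0.0.0:3050           *:*                                    1820
"""

def pids_for_image(tasklist_text, image):
    """Return the set of PIDs whose Image Name column equals `image`."""
    lines = tasklist_text.splitlines()
    ruler = next(i for i, l in enumerate(lines) if l.startswith("====="))
    # Image names may contain spaces, so slice by the ==== ruler's column widths.
    (n0, n1), (p0, p1) = [m.span() for m in re.finditer(r"=+", lines[ruler])][:2]
    return {int(l[p0:p1]) for l in lines[ruler + 1:]
            if l[n0:n1].strip().lower() == image.lower()
            and l[p0:p1].strip().isdigit()}

def inbound_ports(netstat_text, pids):
    """Return sorted (protocol, local port) pairs on which `pids` accept traffic."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue  # banner, header or blank line
        if int(f[-1]) not in pids:
            continue
        # TCP rows carry a State field; UDP rows have none and are always bound.
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue
        found.add((f[0], int(f[1].rsplit(":", 1)[1])))
    return sorted(found)

if __name__ == "__main__":
    pids = pids_for_image(TASKLIST_TXT, "ftpserver.exe")
    for proto, port in inbound_ports(NETSTAT_TXT, pids):
        print(proto, port)
```

To use it on real output, read the two files saved in steps 2 and 3 and pass their text in place of the constructed samples.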
Using command line support
Windows Netsh Helper is the command line tool added to Microsoft Windows XP’s advanced networking package. With netsh helper you can do the following:
1. Toggle the default state of Firewall (ON, OFF)
2. Configure Port exceptions
3. Configure access on global ports
4. Configure logging options
5. Configure ICMP handling options
6. Add/Remove programs from the exceptions list
Using the netsh command
1. Execute “netsh firewall” first.
2. Collect information about the state of the firewall by executing “netsh firewall show state” and “netsh firewall show config”.
The data-gathering commands are:
• show allowedprogram: Displays the allowed programs.
• show config: Displays the detailed local configuration information.
• show currentprofile: Displays the current profile.
• show icmpsetting: Displays the ICMP settings.
• show logging: Displays the logging settings.
• show opmode: Displays the operational mode.
• show portopening: Displays the excepted ports.
• show service: Displays the services.
• show state: Displays the current state information.
• show notifications: Displays the current settings for notifications.