Showing posts with the label firewall

PowerShell check if port is open

PowerShell code snippet to test whether a TCP port is open or closed on the specified IP address.
==============================

$port_num = 2443
$IP_Add = "192.168.2.1"
try {
    # The TcpClient constructor connects immediately and throws an exception if the connection fails
    $result = New-Object Net.Sockets.TcpClient $IP_Add, $port_num
    if ($result.Connected) {
        Write-Host "Port $port_num is open."
        $result.Close()
    }
} catch {
    Write-Host "Attempt to connect failed, check firewall or other settings."
}
==============================

If port 2443 is open on IP address 192.168.2.1, the PowerShell script will show "Port 2443 is open."
If port 2443 is closed, the script will show "Attempt to connect failed, check firewall or other settings."
If the port is closed it could be that the firewall is not set to accept incoming connections for the particular port.
Do not open a port in the firewall unless it is necessary.
If the service or application that is using the port is not operational anymore then close the port that was used by the app…

Netsh show firewall state

How do you check the current state of Windows Firewall with Advanced Security from the command line?
The command below checks whether the firewall state is on or off.

To check the firewall state via the command line, type:
   netsh advfirewall monitor show firewall
The command above displays the current firewall state.
If the state shows “ON”, the firewall is working.

Sample output:
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    Enable
LocalConSecRules                      Enable
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              …
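
The check described above can be scripted. The following is an added example, not part of the original post: it parses the text printed by the netsh command and reports any profile where the firewall is off, inbound traffic is not blocked by default, or dropped connections are not logged. The function name Get-FirewallFinding and the sample text are constructed for illustration, and the parser assumes the English output layout shown in the sample output.

```powershell
# Added example. $sample is constructed input modelled on the sample output above.
# On a live machine use:  $lines = netsh advfirewall monitor show firewall
$sample = @'
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Logging:
LogDroppedConnections                 Disable

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       AllowInbound,AllowOutbound

Logging:
LogDroppedConnections                 Enable
'@
$lines = $sample -split "`r?`n"

# Hypothetical helper: returns one object per weak setting found.
function Get-FirewallFinding {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        # "<Name> Profile Settings:" starts a new profile block
        if ($line -match '^(\w+) Profile Settings:') { $current = $Matches[1]; continue }
        if (-not $current) { continue }   # skip anything before the first profile
        # Setting lines look like "Name<two or more spaces>Value"
        if ($line -match '^(\S.*?)\s{2,}(\S.*)$') {
            $name = $Matches[1]
            $value = $Matches[2].Trim()
            $issue = switch ($name) {
                'State'                 { if ($value -ne 'ON') { 'firewall is off' } }
                'Firewall Policy'       { if ($value -notmatch '^BlockInbound') { 'inbound not blocked by default' } }
                'LogDroppedConnections' { if ($value -ne 'Enable') { 'dropped connections not logged' } }
            }
            if ($issue) {
                [pscustomobject]@{ Profile = $current; Setting = $name; Value = $value; Issue = $issue }
            }
        }
    }
}

Get-FirewallFinding -Lines $lines | Format-Table -AutoSize
```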

Enable ICMP or Ping request on Windows

If a ping to a remote computer fails, it could be that the firewall does not allow the ICMP protocol.

Enabling ICMP or ping requests is quite useful for troubleshooting purposes, but it could also be a security issue.
Ping or ICMP can be enabled in Windows Firewall with Advanced Security via the command line or using the graphical interface.
The command line is quite useful if the setting has to be applied repeatedly or on multiple machines.
The command line is also helpful if a setting has to be enabled or disabled at times. The graphical interface is of course the easiest method if it has to be done one time, but if the setting has to be done a couple of times then the command line or scripting is definitely a good choice, unless the person loves to click and click.
Enable Ping response using command line:
   netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
Disable Ping response using command line: net…

JunOS DHCP set MAC or static binding

How do you set a static binding in JunOS? How do you set a MAC address reservation in DHCP? How do you configure DHCP manual bindings? These are different ways of asking the same thing, with one specific goal: to assign an IP address to a specific MAC or hardware address.

In JunOS SRX firewalls type this command:
   set system services dhcp static-binding 01:02:03:09:0A:0B fixed-address 192.168.1.1

The IP address 192.168.1.1 will be assigned to the device with the MAC or hardware identifier 01:02:03:09:0A:0B.

See the reference below for more details:
http://www.juniper.net/documentation/en_US/junos12.1/topics/example/security-device-dhcp-server-configuring.html

To reserve a MAC address on Windows, see below:
Using the Windows GUI, see this link: https://technet.microsoft.com/en-us/library/dd759190.aspx

The GUI instructions may change between versions of the operating system, but the logic stays the same: you need to know the MAC address, which serves as an identifier so DHCP will know what IP Address will be …

Windows export firewall policy

Use netsh in Windows 7 to export firewall policy using command line.

Open an elevated command prompt and type the netsh command below.

netsh advfirewall export d:\myfirewall.txt


If everything works fine it will display "Ok."

It's exported using a filename with ".txt" extension, but the output is not readable using any text editor.

You can save the file to a USB drive as a backup or import the firewall policy to another computer.


To import the exported firewall policy use this command:

netsh advfirewall import d:\myfirewall.txt


Just replace the word "export" with "import" and specify the path of the file.

A very simple way to export firewall policies.


If you want to dig further, check out the TechNet link below:

https://technet.microsoft.com/en-us/library/cc770887%28v=ws.10%29.aspx

If you don't like using the command line, exporting the firewall policy can also be done using the GUI.

Open "Windows Firewall with Advanced Security" and loo…