Installing Comodo Firewall on a Windows computer with Internet Connection Sharing (ICS) enabled and configured for port forwarding makes the LAN inaccessible to users behind the WAN interface, even if the Global Top Level Firewall Policy allows any connections.
I searched this forum and the Internet, and it seems others have had a problem like this, but no solution seems to have been provided.
The bug/issue
1. What you did: Switched Comodo Firewall to Safe Mode on a Windows computer with ICS enabled and configured for port forwarding.
2. What actually happened or you actually saw: Connections from the WAN interface to the LAN interface (via forwarded ports) of the computer become blocked (in the Firewall Log this case is described as “Windows Operating System”).
3. What you expected to happen or see: Normally working ICS with port forwarding from WAN to LAN.
4. How you tried to fix it & what happened:
a) Added a rule that allows any IP connections from any to any to the top of the global rules. Didn’t help.
b) Opened the Stealth Port Wizard and checked the option “Alert me to incoming connections - stealth my ports on a per-case basis”. Didn’t help.
c) Switched the Firewall mode to “Disabled”. Port forwarding starts to work normally.
5. If it's an application compatibility problem have you tried the application fixes here?: N/A.
6. Details & exact version of any application (except CIS) involved with download link: N/A.
7. Whether you can make the problem happen again, and if so exact steps to make it happen:
The problem can be repeated by doing the following actions:
a) First of all, at least 2 computers are needed: A and B. A is a general computer that runs some application that can receive TCP or UDP connections on some port. B acts as a gateway; it has 2 network cards: one connected to the LAN and one connected to the WAN. Computer A is a member of the LAN. The LAN itself is controlled by the ICS service on computer B (DHCP, DNS, and default gateway are provided by ICS). The ICS service on computer B is also configured to translate incoming connections on some port on the WAN to a port on computer A.
b) For the purity of the experiment, switch off Windows Firewall and Windows Defender on computers A and B.
c) Install Comodo Firewall on computer B. Set it to “Safe Mode” and create a first global rule that allows incoming and outgoing connections from any IP to any IP.
d) Try to connect from an external computer (i.e. behind the WAN) to the forwarded port on computer B. It will fail.
e) Set the Comodo Firewall mode to “Disabled” and try to establish the connection again. It will connect.
8. Any other information (eg your guess regarding the cause, with reasons):
I don’t know the inner architecture of Comodo Firewall. But the reason for such blocking may be that Comodo Firewall cannot clearly determine which application is trying to process the incoming connection from the WAN (it is processed by ICS, but Comodo Firewall logged it as “Windows Operating System”). Another possible reason may lie in the inner Windows ICS architecture and its mechanism for processing port forwarding. For example, if the logic of the ICS port forwarding mechanism only processes IP packets that were rejected by the local system as “a packet to a closed port”, then Comodo Firewall will reject those packets before they are processed by ICS.
Files appended. (Please zip unless screenshots).
1. Screenshots of related CIS event logs and the Defense+ Active Processes List: bug_screenshot.png
2. A CIS config report or file: My_2.zip
Your set-up
1. CIS version, AV database version & configuration used: Comodo Firewall 5.5.195786.1383
2. a) Have you updated (without uninstall) from CIS 3 or 4: I did clean install.
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
3. a) Have you imported a config from a previous version of CIS: No, created new.
b) if so, have you tried a standard config (without losing settings - if not please do)?:
4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): Set the flag “This computer is an Internet Connection Gateway (i.e. an ICS server)” to true.
5. Defense+, Sandbox, Firewall & AV security levels: D+ = Disabled, Sandbox = Disabled, Firewall = Safe Mode, AV = N/A
6. OS version, service pack, number of bits, UAC setting, & account type: Windows 7 Ultimate SP 1 x64, UAC is at Default level, the account has administrative privileges.
7. Other security and utility software installed: Avira Antivirus Free 10.
8. Virtual machine used (Please do NOT use Virtual box): Not used.
[attachment deleted by admin]
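Steps d) and e) of the reproduction above can be run as a repeatable check from the external computer. The following is an added example, not part of the original post: the names `probe` and `diagnose` are hypothetical, the WAN address of B and the forwarded port are supplied on the command line, and the reading of a timeout as a silent drop is general TCP behaviour rather than anything confirmed about Comodo Firewall.

```python
import socket
import sys


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"           # a TCP RST came back
    except socket.timeout:
        return "filtered"          # no reply at all: the SYN was silently dropped
    except OSError:
        return "unreachable"       # routing or name-resolution problem


def diagnose(firewall_on, firewall_off):
    """Compare the probe result with the firewall enabled and disabled."""
    if firewall_on == "open":
        return "forwarding works with the firewall enabled"
    if firewall_off == "open":
        return f"firewall blocks the forwarded port (probe saw '{firewall_on}')"
    return ("forwarding fails even with the firewall disabled: "
            "check the ICS mapping and the listener on A")


if __name__ == "__main__":
    # Usage: python probe_forward.py <WAN address of B> <forwarded port>
    host, port = sys.argv[1], int(sys.argv[2])
    on = probe(host, port)
    print(f"firewall in Safe Mode: {on}")
    input("Set the firewall on B to Disabled, then press Enter... ")
    off = probe(host, port)
    print(f"firewall Disabled:     {off}")
    print(diagnose(on, off))
```

Recording whether the Safe Mode attempt ends as "filtered" or "refused" alongside the Firewall Log entry gives the bug report a concrete packet-level symptom to attach.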