Firewall "Windows Operating System"

Comodo Internet Security - CIS Firewall Help - CIS
#1

[b]This is just an functionality consideration how exactly you can work through COMODO Firewall on ICS(Internet Connection Sharing), network Bridged, Router/Modem/Switch based networking through to Comodo Protected Server/client environment clean and how to open ports to 3rd machine if the 1st environment is an Server which acts as an Switch or Router(ICS) for 2nd/3rd machines.

Topic is worked through Firewall settings:
-Custom Firewall Mode
-Very High Alert Settings
-Monitoring all machine protocols
-Anything not mentioned on ‘example’ can be blocked and everything will still work[/b]

Well, since I have now had issues with Comodo Firewall on hundreds of cases and every single time explain is the same.

Firewall does not detect ‘Windows Operating System’-rule at all. Wanted to write about solved topic. So, if anyone cannot get RDP or other Windows “Connection”/“Active Network Setup” settings to work most like your issue is that there is no file group nor there is any rules set about ‘Windows Operating System’ (This is not same as ‘Windows System Applications’-Defender+ Rule which is ■■■■ stupid).

  • You can detect, if this is an issue sometimes at ‘Active connections’ when everything gets blocked by ‘Windows Operating System’
  • Most of the cases COMODO doesn’t even see these connections:
  • Which in case your issue would again be at Comodo Connection detection.
    -S- You can correct by making sure that ‘Network Security Policy’ → ‘Network Zones’ = set to your IP + Subnet Mask > Where after setup this Comodo will yet again detect the ‘Windows Operating System’
    -S- After you can make a rule based on ‘Running Processes…’ > select ‘Windows Operating System’ > Make Open TCP IN Connection for Open Ports to 3rd party machine

None of these setups COMODO ‘Training mode’ doesn’t recognize anything it simply doesn’t work.

Example Case:

Machine 1 (Interner Service Provider - Router)
Machine 2 (Windows Vista/7 - Acting as ICS Router) [Machine IP - WAN-IP x.x.x.x → Internal IP ‘Machine 3’ Gateway Address]
Machine 3 (Primary Internet Machine 'Which needs open Port 40000 + RDP connection) [Machine IP - 192.168.x.x]

This scenario would need pretty heavy setup so I will not go in to this setup part more, but simply say to consider an UPNP port forwarding enabled on ‘Machine 2’ that ‘Machine 3’ can add ports forwarded through UPNP application interfaces.

To do this you would need to create rules - Machine 2:

  • Network Zone: Wide Area Network [WAN IP + subnet Mask]
  • Network Zone: Local Area Network [Internal IP 192.168.x.x + subnet Mask: 255.255.255.0]
  • ‘svthost.exe’ standard port forwarding: UDP Out Machine 1(DNS-#1, DNS-#2) → Destination Port 53 — UDP IN Source/Destination IP: Zone: ‘Local Network Area’, Destination Port 53, Loopback Rule: Protocol ‘IP’ Destination IP: ‘Loopback Zone’, ANY Protocol — DHCP/bootp Source IP: ANY Destination IP 255.255.255.255 Ports: Source: 67-68 to Destination: 67-68
  • Rule for ‘Windows Operating System’ → Source: ANY-ANY, Destination [WAN IP x.x.x.x], Destination Port 40000 TCP IN
  • ICS Rule(at actual Network Connection - Sharing Tab) for Port 40000 to WAN IP x.x.x.x (Unless UPNP is enabled, if upnp is enabled: you will need 2 extra rules: ‘System’ TCP IN = Source: any-any, Destination: WAN IP - 2689 — ‘svthost.exe’ UDP Out = Source any-any, Destination: Internal IP 192.168.x.x(Machine 3) - 1900)
  • RDP: svthost.exe rule: TCP IN Source: Zone: Local Area Network <-> Local Area Network: Ports: Source: ANY, Destination: 3389 (or I actually suggest you check how to change default RDP ports since it’s always bad to use an common port).
  • And in some cases you will need ‘ALG.EXE’ rule since this application Forwards on some cases like these the data flow to have Outbound Accesses allowed for ‘Machine 3’ to get standard WWW etc functions.

To do this you would need to create rules - Machine 3:

  • Network Zone: Internal IP / Subnet Mask 255.255.255.0
  • ‘svthost.exe’ rules: UDP Out: Destination IP: ‘Machine 2’ Gateway IP > Destination Port ‘53’ Source IP/Port ‘any’ — UPNP UDP Out: Destination IP: ‘Machine 2’ Gateway IP, Destination Port: 1900, Source IP/Port: Any
  • Standard Application Rules: Allow Application TCP IN port to 40000
  • Standard Application Rules: Allow RDP TCP Out Port 3389(Or Alternative ports as suggested)

If this doesn’t help anyone was just trying to get an direction on screen where to start when building at least to me really difficult setups. Ask away setupped so ■■■■ many kind of setups and servers so far I do think I know few bits and pieces here and there about Comodo Firewall style to function.