Any ideas anyone ?
As I mentioned in my original post, I did create said rules according to MSFT... (just check the links I provided)...
It did not work.
HIPS still blocks some connection. I know it's HIPS because synchronisation works when I deactivate the FW. What's more, it blocks something, but doesn't log it (what, why) although I told it to log everything :(
Do you have connection aware firewall rule enabled?
Allow Outgoing DNS (UDP Port 53)
Allow In/Out BootP (UDP Port 67-68)
Allow In/Out NTP (UDP 123)
Allow NetBios rule group (only from known IP addresses)
Allow Incoming LDAP (UDP 389)
Create ActiveSync rule group and allow the following:
Allow rapimgr.exe, WCESMgr.exe, wcescomm.exe
Allow Incoming TCP Port 990
Allow Incoming TCP Port 999
Allow Incoming TCP Port 5678
Allow Incoming TCP Port 5721
Allow Incoming TCP Port 26675
Allow Outgoing UDP Port 5679
Thanks for the answer.
I had put the 4 rules (RAPIMGR.EXE, WCESMGR.EXE, WCESCOMM.EXE and CEAPPMGR.EXE) in a group (for readability) but not in a "connection aware group" (!). Is this important?
Right now, I've just taken the 4 rules out of any group so they are "always active", I expect. (I'm not yet too comfortable with HIPS settings.)
You mention incoming/outgoing rules for "specific ports" for the ActiveSync programs. I presently have allowed all ports outgoing & incoming for those 4 programs. (I know it is less secure; this is while I'm trying to get the sync to work correctly.)
I'd expect that if I allow "more than necessary" (i.e. all ports instead of just the 6 specific ports) it should work, don't you agree ?
Yet, with "more open than needed" it doesn't work.
(My other problem is that I don't have such a smartphone to test here, so I set up rules and ask the users to give me test results :( )
Issue resolved now . . . . details to follow
Here is the working configuration I used. Using CAG based on IP address given to ActiveSync USB Connection
CAG (Connection Aware Group) Settings
Activesync firewall rules
*Note: the NetBIOS port rules specified, which run off the screenshot, are:
epmap (135), netbios_ns (137), netbios_dgm (138), netbios_ssn (139)
When specifying the process to tie the rule to, make sure you choose this setting: