Re: Closing ports using Sygate
comp.security.firewalls archive


From: Duane Arnold <NotMe@NotMe.com>
Date: Tue Jan 31 2006 - 08:17:11 CET

louise wrote:
> Duane Arnold wrote:
>
>> louise wrote:
>>
>>> ohaya wrote:
>>>
>>>>
>>>> tenplay wrote:
>>>>
>>>>> Greetings! I am a user of the free version of the Sygate Personal
>>>>> Firewall. I was informed by the "Shields Up!!" security testing
>>>>> website
>>>>> that I should close external access to Port 1025. Please give
>>>>> instructions. Thank you. Mike
>>>>
>>>> Mike,
>>>>
>>>> I don't think that that version of Sygate has a direct way to configure
>>>> which ports are open/listening, but if you go to Tools -> Application,
>>>> you'll get a window showing a list of applications. If you then click
>>>> the "Advanced" button at the bottom of that window, you'll get another
>>>> window, and there are two radio buttons, "act as client" and "act as
>>>> server".
>>>>
>>>> I think that when the "act as server" button is selected/enabled, the/a
>>>> port associated with the application is left open by Sygate.
>>>>
>>>> For some reason that I've never understood, it seems like Sygate sets
>>>> both the "act as client" and "act as server" buttons set/enabled by
>>>> default, and you have to go in manually as I described above to shut
>>>> down potentially listening ports associated with applications.
>>>>
>>>> Jim
>>>
>>> I have the Pro version of Sygate.
>>>
>>> I've never been able to figure out what needs to "act as server" and
>>> what doesn't. How does one assess this? For example, an anti-spam
>>> program attached to Outlook or my AV or...anything that goes and
>>> looks for updates?
>>>
>>> TIA
>>>
>>> Louise
>>
>> Any program/application running on your machine that initiates contact
>> with a remote site *Acts as a Client*. Outlook acts as a client as it
>> must initiate contact with the POP3 server in order to send and
>> receive emails to/from the POP3 server.
>>
>> If you had the Windows 2k Pro or XP Pro O/S with you running IRIS as
>> the WEB server program, you wanted people/clients to access the
>> WEB/FTP Site, you wanted the personal FW to accept unsolicited inbound
>> connections (anyone on the Internet can connect and access your
>> Web/FTP site) on port 80 HTTP Web or ports 20 and 21 for FTP, then IIS
>> on the machine behind Sygate must be set to *Act as a Server* as that
>> is a server program and it *serves* information to clients.
>>
>> On the other hand, IE on your machine would be set to *Act as a
>> Client* because IE must initiate contact to a Web server to access
>> information on the Web server over the Internet.
>>
>> In other words, if *Act as a Server* is set, all unsolicited inbound
>> traffic will reach the program/application on the inbound port the
>> application/program is listening on. If the setting is *Act as a
>> Client*, then the program behind the PFW *must* initiate contact with
>> the site before the PFW will allow inbound traffic back to the program
>> on the inbound port the program is listening on - that's solicited
>> traffic and the PFW is going to let that traffic through. If other
>> inbound traffic comes from somewhere to the program on the port the
>> program is listening on and was not solicited, that unsolicited
>> inbound traffic is not solicited and is going to be blocked by the PFW.
>>
>> 99.9% of the programs running on your machine are client programs for
>> Internet access and are making contact with server programs on the
>> Internet. Server means it *serves* and client means it requests.
>>
>> Duane :)
>
> Thanks - that makes the whole thing make some sense and I can hopefully
> figure it out from here.
>
> Louise

You're welcome. But you should take note of this. The settings are moot
for you with Sygate sitting behind that NAT router you have, because the
router is performing that function in front of the machine running Sygate.

The router stops all unsolicited inbound traffic to the machines behind
the router and the machines *Act as Clients* as the program running on
the machine *must* initiate contact with a remote site/WAN IP before the
router will allow that traffic back to the machine - solicited inbound
traffic back from the solicited WAN/IP.

Again, if the machine had an IIS Web server running and you wanted
client machines on the Internet to make contact with the machine (all
unsolicited inbound traffic to reach the Web server on the inbound ports
80 HTTP and 20 and 21 FTP), then the router must be configured with Port
Forwarding rules to direct the inbound traffic on ports 80, 20 and 21 to
the IP/machine that has IIS running.

In that respect, the machine running IIS with the ports forwarded on the
router to the IP/machine running IIS, the machine is *Acting as a
Server*. If the ports are forwarded on the router by you making rules
for forwarding, the port is open to all public unsolicited inbound
traffic. If you have not done that, then the port on the router only
becomes open due to the machine behind the router making the solicitation.

The Acting as a Client and Acting as a Server with Sygate really only
comes into play for a machine that has a direct connection to the
Internet - no router or FW appliance between the modem and the computer.

However, it doesn't hurt to have Sygate supplementing the router to stop
outbound traffic by setting outbound traffic rules with Sygate, which a
router that doesn't have the ability to set rules cannot do to stop
outbound traffic.

Duane :)
Received on Tue Feb 7 20:58:28 2006
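The solicited/unsolicited distinction Duane describes, for both the personal firewall ("Act as Client" vs "Act as Server") and the NAT router (port forwarding), as an added example that is not code from the thread: a toy stateful filter in Python. The class names, the IP addresses and the ports are constructed for illustration.

```python
# Added example (not from the thread): a toy stateful packet filter modelling
# the "Act as Client" / "Act as Server" distinction and NAT port forwarding.
# All names, addresses and ports below are constructed for illustration.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str   # "out" = leaving the host/LAN, "in" = arriving from the WAN

@dataclass
class StatefulFilter:
    """Models a personal firewall (or NAT router) with a connection-state table."""
    # Ports on which a program may accept unsolicited inbound traffic:
    # "Act as Server" in Sygate, or a port-forwarding rule on the router.
    server_ports: set = field(default_factory=set)
    # Flows the local side initiated: (remote_ip, remote_port, local_port).
    state: set = field(default_factory=set)

    def handle(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            # A local program acting as a client: remember the flow so that
            # the reply is recognised as solicited inbound traffic.
            self.state.add((pkt.dst_ip, pkt.dst_port, pkt.src_port))
            return "allow"
        # Inbound packet: is it the reply to a flow the local side started?
        if (pkt.src_ip, pkt.src_port, pkt.dst_port) in self.state:
            return "allow (solicited)"
        # Unsolicited: it only reaches a program explicitly allowed to serve.
        if pkt.dst_port in self.server_ports:
            return "allow (server port)"
        return "block (unsolicited)"

def demo() -> list:
    """Walk through the cases from the thread: mail client, probe, web server."""
    fw = StatefulFilter(server_ports={80})   # port 80 forwarded / acting as server
    results = []
    # Mail client: local port 1025 -> POP3 server port 110, then the reply.
    results.append(fw.handle(Packet("192.168.1.10", 1025, "203.0.113.5", 110, "out")))
    results.append(fw.handle(Packet("203.0.113.5", 110, "192.168.1.10", 1025, "in")))
    # Unsolicited probe of the same local port 1025 from an unrelated host.
    results.append(fw.handle(Packet("198.51.100.7", 40000, "192.168.1.10", 1025, "in")))
    # Unsolicited web request: reaches the forwarded/server port 80.
    results.append(fw.handle(Packet("198.51.100.7", 40001, "192.168.1.10", 80, "in")))
    return results
```

Run `demo()` to see that the reply to the mail client is allowed as solicited, the probe of port 1025 is blocked, and only the explicitly forwarded port 80 accepts unsolicited traffic.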