How to block FileSharing
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2009 05:00 AM - edited 03-11-2019 08:24 AM
I have a natted network , all the users in side are accessing one global server Exchnage server xx.xx.xx.21, now i want to implement a rule in my local firewall to block traffic , so that usera cant not access this global server \\xx.xx.xx.21 using file share . I did tried to block port 445, but still file shareing using \\xx.xx.xx.21 is working suggest me a solution
- Labels:
-
NGFW Firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2009 05:32 AM
I assume you are refering to CIFS, please try blocking UDP and TCP 445 as these are both used for Microsoft-DS (according to IANA, http://www.iana.org/assignments/port-numbers)
HTH
Steve
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2009 05:44 AM
Here's a link on what to open for communications, reverse it and it should block communications.
http://technet.microsoft.com/en-us/library/bb727063.aspx
Hope that helps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2009 09:30 AM
No luck Guys i am using SDM CBAC feature to implement.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2009 10:19 AM
Why don't you post a santized config for us to look at.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2009 10:22 AM
Collin
I was just able to make the specified fix, basically windows firewall helped.
The Ports which are required to block are 445, 136, 137 and 138
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2009 10:24 AM
Glad to hear you go it working. BTW the ports you listed are in the link I provided.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2009 10:46 AM
You are correct, though every thing is available online . Its just they way we have to implement.
Thanks
