How to Adjust Win7 Firewall to Allow Access to Shared Folders from Remote Networks Connected by Gateway-to-Gateway VPN?

    Question

  • How can I adjust a Windows 7 firewall so that it allows access to local share drives from a remote LAN connected by a gateway-to-gateway VPN?

     

    The VPN is between two network gateways.  (It is not from a remote PC to a gateway.)  It works normally, so that from LAN-A it is possible to ping remote samba shares located on LAN-B.

     

    On the remote LAN-B, there are also Windows shares.  I can connect to these Windows shares only if I disable the Windows firewall on the remote Win7 PCs.   My gateway logs show that port 139 requests time out.

     

    I know that I need to adjust the firewall rules for Windows File and Printer sharing, but I cannot figure out how to do this correctly on Windows 7.  I already tried allowing 'any network' in the firewall rule for file sharing on port 139, but this did not work.

     

    Here is a simple test I want to work.  A Win7 PC exists on LAN-A (at IP 192.168.1.50) and a Win7 PC exists on LAN-B (at IP 10.10.10.19).  The following ping command should work:

     

    192.168.1.50> ping 10.10.10.19

     

    If the firewall on the PC in LAN-B is active, the ping times out.  If the firewall is disabled, the ping is successful and I can connect to the remote PC's shares.

     

    How can I relax the firewall rules on the remote PC to allow this type of LAN-to-LAN access?

     

    Thank you,

    Jon

    Sunday, May 08, 2011 2:09 PM

Answers

All replies

  • Hi Jon,

    Thanks for the post!

    I'm trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thanks for your understanding and efforts.

    Regards,

    Miya


    Thursday, May 12, 2011 7:06 AM
    Moderator
  • Have you opened SMB port 445?

    Application_protocol  Protocol  Ports
    SMB                   TCP       445

    File and Printer Sharing Does Not Work http://technet.microsoft.com/en-us/library/cc787076(WS.10).aspx

    SMB: File and printer sharing ports should be open http://technet.microsoft.com/en-us/library/ff633412(WS.10).aspx

     

    The following ports are associated with file sharing and server message block (SMB) communications:

    • Microsoft file sharing SMB: User Datagram Protocol (UDP) ports from 135 through 139 and Transmission Control Protocol (TCP) ports from 135 through 139.
    • Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UDP).

     

    947709 How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;947709

     


    Sumesh P - Microsoft Online Community Support
    Wednesday, May 18, 2011 4:10 AM
    Moderator
  • Were you able to try this out?
    Sumesh P - Microsoft Online Community Support
    Monday, May 23, 2011 7:20 AM
    Moderator
  • I am having a similar problem with Windows 7 networking that I hope you can assist me with.

    We have two network shares on a Windows 2003 server in an Active Directory domain.  One shared folder contains many sub folders that are shared out to everyone and are accessible from remote locations via a VPN. 

    The second shared folder contains individual sub folders assigned to each user with NTFS permissions that restrict access to only the individual who owns the folder.  These restricted folders are accessible remotely via the VPN if the user has a Windows XP computer but they ARE NOT accessible to users who are trying to map a network drive to their personal folder using Windows 7 OS.  Can you tell me why Windows 7 will connect to the first shared folder with the lesser restrictions but not to the shared folder with the individual personal folders with tighter permissions?

    I have tried connecting to the personal folders using two different Windows 7 computers and we keep getting an error message saying Access Denied!  When remotely mapping to the parent folder containing the individual personal sub folders, the mapped drive seems to work but the Windows Explorer shows the folder as being empty when there are well over 75 individual personal sub folders in the parent folder.

    The mapped drives to the personal folders work when the user is connected to the network in the office where the Windows 2003 Server is located but do not work when connected remotely.

    Please let me know if my description of the problem is incomplete or you need more information from me.

    • Proposed as answer by Kevin Nally Friday, July 22, 2011 7:34 PM
    • Unproposed as answer by Kevin Nally Friday, July 22, 2011 7:34 PM
    Wednesday, July 13, 2011 5:12 PM
  • Thanks, this is what I was missing.  The rule was already active but I had to add the subnet for the other network to the Scope in the properties of the rule.

    Thanks again!

    Thursday, November 29, 2012 7:14 PM
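
The fix from the last reply (adding the other network's subnet to the Scope of the existing rule) can also be applied from the command line with the "netsh advfirewall firewall" context named in KB 947709. This is an added example, not part of the original thread; the 192.168.1.0/24 prefix for LAN-A and the selection of three rules are assumptions, since the thread gives only the host address 192.168.1.50.

```powershell
# Run from an elevated PowerShell prompt on the Windows 7 PC in LAN-B (10.10.10.19).
# Assumption: LAN-A uses 192.168.1.0/24. The thread only gives the host 192.168.1.50.
$remoteLan = '192.168.1.0/24'

# Built-in inbound rules of the "File and Printer Sharing" group that cover the
# thread's tests: direct-hosted SMB (TCP 445), NetBIOS session (TCP 139), and ping.
$rules = @(
    'File and Printer Sharing (SMB-In)',
    'File and Printer Sharing (NB-Session-In)',
    'File and Printer Sharing (Echo Request - ICMPv4-In)'
)

foreach ($rule in $rules) {
    # Keep LocalSubnet and add only the remote LAN to the rule's remote scope,
    # rather than opening the rule to any address.
    # netsh can only enable or disable a whole group, so each rule is set by name.
    # Every copy of the rule with this name (one exists per profile set) is updated.
    netsh advfirewall firewall set rule name="$rule" dir=in new remoteip="LocalSubnet,$remoteLan"
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not update rule: $rule"
    }
}

# Print the resulting state so the scope and profiles can be checked.
foreach ($rule in $rules) {
    netsh advfirewall firewall show rule name="$rule" verbose |
        Select-String 'Rule Name|Enabled|Profiles|RemoteIP'
}
```

The rules are left enabled or disabled as they were; only the remote address scope changes, which matches what the last poster did in the rule's properties dialog.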