Firewall rure changes when connected to VPN (Sonicwall)

Question

Hi all,

I have a problem with Windows Firewall on Windows10 22H2.

When I'm connected to corporate domain network which profile is "Domain Network",

"Files and Printer sharing" on Windows Firewall is Disabled and port scanning results "Filterd".

But when I connect to VPN (Sonicwall VPN client) which profile goes to "Public Network",

"Files and Printer sharing" on Windows Firewall is Enabled and port scanning results "Open".

On my GPO, I just set Remote Desktop (3389) to be enabled on all network profiles.

I just wonder why this config change occurres on Windows Firewall.

And "Public Network" should be secured than "Domain Network", right?

Why port 445 opens?

I searched the same problem as me but no result was found....

Any idea?

Thanks,

KJWRHRO

Answer 1

Hello there,

This might be due to the SMB.

SMB is a network file sharing protocol that requires an open port on a computer or server to communicate with other systems. SMB ports are generally port numbers 139 and 445.

Port 445 is used by newer versions of SMB (after Windows 2000) on top of a TCP stack, allowing SMBs to communicate over the Internet. This also means you can use IP addresses in order to use SMBs like file sharing.

Some antivirus and firewall software will interact with the VPN connection. You might need to turn off SSL (port 443) monitoring.

Hope this resolves your Query !!

--If the reply is helpful, please Upvote and Accept it as an answer–

Answer 2

Thanks! I'll try to configure ESET!

Answer 3

I looked at all the config of ESET and Sonicwall but there's no mal setting found.

I scanned the port of cliet over VPN and domain network, it acts same,

In domain network, SMB is filterd but in VPN, SMB opens.

Just workaround but I'll put a rule to GPO to ignore this setting...

Very storange...