Windows Firewall Port Ranges?

I have a issue with getting port exceptions from being applied. I have
Symantec Corp. Antivirus and I need to get our XP sp2 clients to communicate
with the Windows 2003 Anti-virus server. I can get the client to see the
server and the server can see the clients. According to Symantec port 2967
is what is needed for thse two to talk. I have that defined in a GP and I
can go into the firewall on the client and confirm that GP pushed it down. I
can not get the clients to update their virus deffinition files. I get a
communication error when I try to update them manualy from the server. I
check all the ports I could and it seems right.

The symantec website said something about using random ports and they
suggest using a 2967* for the port range. Can the windows firewall accept a
range like this? That also list some ranges like TCP 1024-4999 Will the
firewall accept ranges like that or does each port need to be defined
seperatly?
--
RS
MCSE, MCP +I MCP

You can't add a range, but you can specify each port individually. The
fastest way to do that is a script, like this:

To add a range of ports to Windows Firewall from the Command Line
Click Start, click Run, type cmd, and then click OK.
Type in the following where the range is specified in ( ) and the name of
the firewall entry is in " ".
FOR /L %I IN (29670,1,29679) DO netsh firewall add portopening TCP %I
"Symantec AV"%I
Each port in the range will be added with an "OK" confirmation.

"Rschraeger" wrote:

> I have a issue with getting port exceptions from being applied. I have
> Symantec Corp. Antivirus and I need to get our XP sp2 clients to communicate
> with the Windows 2003 Anti-virus server. I can get the client to see the
> server and the server can see the clients. According to Symantec port 2967
> is what is needed for thse two to talk. I have that defined in a GP and I
> can go into the firewall on the client and confirm that GP pushed it down. I
> can not get the clients to update their virus deffinition files. I get a
> communication error when I try to update them manualy from the server. I
> check all the ports I could and it seems right.
>
> The symantec website said something about using random ports and they
> suggest using a 2967* for the port range. Can the windows firewall accept a
> range like this? That also list some ranges like TCP 1024-4999 Will the
> firewall accept ranges like that or does each port need to be defined
> seperatly?
> --
> RS
> MCSE, MCP +I MCP

The code did not work for me, but this one did

Code
-------------------
for /L %i in (9000,1,9600) do netsh firewall add portopening TCP %i "Port-range %i
-------------------

(Change 9000 to your startport and 9600 to your endport, nothing els
need to be changed, put in a command window.

Beware though, it goes very slow, like one port per second

--
dotpointe
-----------------------------------------------------------------------
dotpointer's Profile: http://forums.techarena.in/members/dotpointer.ht
View this thread: http://forums.techarena.in/server-networking/890789.ht

http://forums.techarena.i

Thank you for the useful command.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"dotpointer" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> The code did not work for me, but this one did:
>
>
> Code:
> --------------------
> for /L %i in (9000,1,9600) do netsh firewall add portopening TCP %i
> "Port-range %i"
> --------------------
>
> (Change 9000 to your startport and 9600 to your endport, nothing else
> need to be changed, put in a command window.)
>
> Beware though, it goes very slow, like one port per second.
>
>
> --
> dotpointer
> ------------------------------------------------------------------------
> dotpointer's Profile: http://forums.techarena.in/members/dotpointer.htm
> View this thread: http://forums.techarena.in/server-networking/890789.htm
>
> http://forums.techarena.in
>