FirstlyI know a few terms/things but that is thanks to Google, I am by no means an expert and I am not trying to sound like one. That being said, here is my issue I am trying to resolve (and forgive the long explanation but I want to make sure I give enough info that maybe someone has the answer on the first try).
I had an old Asus router that had a VPN server using PPTP. Once logged in, I could access devices on my network including my computer which has a couple of folder/drive shares that I could access remotely from my mobile device using the native file browsing app.
Android eventually went away from PPTP so I could no longer VPN in and knew eventually I would need to upgrade the router that supported IPsec VPN. Fast forward to today and I replaced my old Asus Router with a new one that uses IPSEC. I created a VPN profile on Android and can successfully access my router/network. I can still access the share folders/drives on my computer via my mobile device without an issue when I am actually at home and connected to my home network/router via Wi-Fi. If I VPN in (disable WiFI and use my mobile data), I can't access them. At first I thought maybe an issue with the router/VPN setup perhaps. My devices LAN all have the usual private network IP's starting with 192.168.X.X and when connected via VPN, my device gets a subnet virtual IP of 10.0.X.X. I was banging my head with the settings of the router but what was confusing me was when I am VPN'd in via mobile data, I can access the WebGUI interface for the router, I can access my printer's WebGUI via it's local IP address on the network, and if I do out to the web, my IP address showing is that of my home internet's, not my mobile carrier's. So it seemed the ASUS router is doing everything it should.
So why can't I access the shares when on VPN but I can if I am on the actual Wi-Fi I??? I think the old PPTP method when using it the router gave me a local 192.168.X.X IP address. So, with more GoogleFu, I began wondering if I was getting blocked at the computer somewhere. So just for fun, I temporarily disabled my Norton 360 smart firewall on my computer and VIOLA!!!! I could access the shared folders/drives while VPN'd in. If I re-enabled the firewall, access denied immediately. FBI calls that a clue. So it would seem, if I get a local 192.168.X.X because I am on the Wi-Fi (or the old PPTP method), my computer/Norton Firewall does not block my app/me when I access the Shares via SMB. If I am on the VPN now (which is a different network), it does.
So it would seem I need to change something on the firewall settings but not sure what. I would think there is something that would allow/trust my mobile device but still provide the protection I should have. I would think it would be hard to hack the VPN so I think there should be something that will allow it but still provide proper protection. Probably is a simple solution that I just can't figure out.
So yes I figured it out I think because it's working fine. After I read your pdf (thanks for that!) I had an idea. What I had to do is create a rule that was based on yours but not select "any computer in the local subnet". See I think (again I'm not a network guy) PPTP VPN creates/gives the VPN'd device an IP on the local network. For example, if your LAN has an IP range using 192.168.1.XX, your device using PPTP would also get a 192.168.1.XX IP so Norton saw it as another device on the local LAN and allowed it. However, with IPsec, you get a different subnet. On the ASUS (and I assume other router makes may have this also) you get a different subnet that you can specify the IP range (as long as it is different than the local LAN IP range). So for example, your computer your trying to reach on your LAN is 192.168.1.XX and your other device if VPN might get 192.168.0.XX IP address. When VPN'd in that device will be treated by Norton as a device on a different subnet and not the local and blocks it. So the key was two things. At first I created a new rule and when it came to the rule on which computer I chose "only the computers and sites listed below." This should give security as this would be only trusted local IP's could access it (assuming your router passwords/network is not compromised). Click Add and selected "using a range." You will need to see what IP range your router assigns devices connected via the VPN. In this example, I added the beginning of the range 192.168.0.0 and ended with up 192.168.0.10 for multiple devices logged in (overkill BTW as I can't see myself doing it more than one or maybe two devices at a time). The rest is as yours was. Now at first it did not work but then I remembered I had to "up" the priority of the rule and moved it up above the Netbios and SMB default blocks. This applies the trusted IP's but should block everything else (WAN IP's). I gave permission using only the same UDP and TCP protocols vs any protocol but when it came to the specific ports, I kept trying 137-139 and 445 which is what SMB appears to use but it would only work if I allowed any communication port. But again, since the VPN login is protected via a certificate as well as a pretty strong password, it should be secure.
Gen trademarks or registered trademarks are property of Gen Digital Inc. or its affiliates. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.
im using ESET Internet Security and i checked the firewall settings and found this
"Also evaluate rules from Windows Firewall"
In automatic mode, allow also incoming traffic allowed by rules from Windows Firewall, unless explicitly blocked by ESET rules.
so i was wondering if this is a potential flaw because i recently saw videos of malware tests with only Windows Firewall/Defender where it would successfully execute code that adds a lot of different rules to the Windows Firewall and downaload a bunch other stuff. If ESET allows everything that is allowed through a rule in Windows Firewall the same thing could happen if u use ESET or exploit other existing rules maybe. Or am i wrong about that im not an expert at all but im very interested to know how it works and if i should disable it.
Also i would like to know if it is a good idea to set my network profile for my normal home connection to "public network" instead of "private network". I always thought if i go with "public network" profile the security would be better and would use stronger settings. Is that true does it provide any security improve even if it is minor ? I never had a problem with it.
so i was wondering if this is a potential flaw because i recently saw videos of malware tests with only Windows Firewall/Defender where it would successfully execute code that adds a lot of different rules to the Windows Firewall and downaload a bunch other stuff.
Allowing inbound Win firewall rules is basically "a doubled edged sword." Whereas this option allows for trouble-free operation of a lot of legit Win 10 network traffic such as Store apps, the problem lies in how Win 10 firewall rules at stored. They are stored in clear text in the Registry and are not natively protected from modification. Although not a frequent occurrence, attackers have been able to create Win firewall rules to allow their inbound traffic. Mitigations against this are custom Eset HIPS rules that monitor Registry modification utilities and the like use such as reg.exe, etc..
Does that mean if ESET is already running (without any new custom made HIPs rules) on my computer and somehow a executable manages to run code to add a rule to Windows Firewall does that traffic is allowed or not ?`
Allowing inbound Win firewall rules is basically "a doubled edged sword." Whereas this option allows for trouble-free operation of a lot of legit Win 10 network traffic such as Store apps, the problem lies in how Win 10 firewall rules at stored. They are stored in clear text in the Registry and are not natively protected from modification. Although not a frequent occurrence, attackers have been able to create Win firewall rules to allow their inbound traffic. Mitigations against this are custom Eset HIPS rules that monitor Registry modification utilities use such as reg.exe and the like.
And thank you for the explanation. Do u or anyone else know what exactly is changed in terms of security and settings (allowed and denied connections) between public and private network? Because i always used public network profile for my home connection.
Do u or anyone else know what exactly is changed in terms of security and settings (allowed and denied connections) between public and private network? Because i always used public network profile for my home connection.
If this is in regards to the Eset firewall, the simplest answer is the following. The Eset Public profile will not allow by default any inbound traffic from other devices on your local network other than the router.
Trying to get to grips with segregating smart TV and firestick through VLAN. Objective is 1) completely segregate thiese from other devices and router, 2) stop them sending data back home, 3) but continue to allow streaming services from internet.
3a8082e126