Windows Firewall



  • I'm generally curious, why does Windows Firewall block communication between Point of Sales terminals and the back office PC?
    Example: we had a site call in that their credit cards wouldn't process, and they were having problems settling the credit card batch from the previous day. Someone thought they were helping and turned on Windows Firewall on the terminal that was set as "master".
    With Windows Firewall blocking communication between the 2 points, their credit cards were creating mock transactions stored on the terminal set as "master" for the amount they were supposed to pay.
    Turning Windows Firewall off on the terminal allowed the processing of the cards to flow as it should.

    I'm just wondering why, if anybody knows, Windows Firewall would stop the program from communicating?

    We supply firewalls to every site because we turn Windows Firewall off, so we protect the sites as much as possible with configured firewalls from the office. (I think we use SonicWalls; I don't make the rules guys, I'm just a tech.) I'm only asking because I'm curious if there is an answer out there.
    Thanks



  • @wrcombs said in Windows Firewall:

    I'm generally curious, why does Windows Firewall block communication between Point of Sales terminals and the back office PC?
    Example: we had a site call in that their credit cards wouldn't process, and they were having problems settling the credit card batch from the previous day. Someone thought they were helping and turned on Windows Firewall on the terminal that was set as "master".
    With Windows Firewall blocking communication between the 2 points, their credit cards were creating mock transactions stored on the terminal set as "master" for the amount they were supposed to pay.
    Turning Windows Firewall off on the terminal allowed the processing of the cards to flow as it should.

    I'm just wondering why, if anybody knows, Windows Firewall would stop the program from communicating?

    We supply firewalls to every site because we turn Windows Firewall off, so we protect the sites as much as possible with configured firewalls from the office. (I think we use SonicWalls; I don't make the rules guys, I'm just a tech.) I'm only asking because I'm curious if there is an answer out there.
    Thanks

    I never turn off Windows Firewall even when I have an edge firewall. The same goes for Linux too.



  • @wrcombs said in Windows Firewall:

    I'm just wondering why, if anybody knows, Windows Firewall would stop the program from communicating?

    Windows Firewall wasn't set to allow that program/port communication.

    Windows Firewall SHOULD be enabled, always. It's up to the IT there to make sure Windows Firewall policies allow needed programs and ports to communicate properly through the firewall.



  • @black3dynamite If we don't turn it off, it won't communicate with the back office PC and problems with credit card processing and general communication between front house and back office.



  • @wrcombs said in Windows Firewall:

    @black3dynamite If we don't turn it off, it won't communicate with the back office PC and problems with credit card processing and general communication between front house and back office.

    Then you need to put some rules into the Windows firewall to allow the communication through.

    If you need, put wireshark in between these systems and see what ports are being used.



  • Which firewall profile is active? It's possible that it was set up and working on private but then the profile was switched to public.



  • Also worth looking at is "the back office PC" as this likely has a firewall with rules not allowing the traffic in.



  • @wrcombs said in Windows Firewall:

    @black3dynamite If we don't turn it off, it won't communicate with the back office PC and problems with credit card processing and general communication between front house and back office.

    You can temporarily turn on Log dropped packets to see what's being blocked.
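
Added example, not part of any poster's reply: once "Log dropped packets" is enabled, the firewall writes a space-separated log (by default `%systemroot%\system32\LogFiles\Firewall\pfirewall.log`), and the sketch below summarizes the dropped inbound flows so the needed allow rules can be identified. The sample log lines, IP addresses and port 5555 are constructed placeholders, not values from the thread or from any POS vendor.

```python
from collections import defaultdict

# Constructed sample in the pfirewall.log layout; addresses and port 5555 are
# placeholders, not values from the thread or from any POS vendor.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-03-01 09:14:02 DROP TCP 192.168.10.21 192.168.10.5 50122 5555 52 S 1203948 0 64240 - - - RECEIVE
2024-03-01 09:14:05 DROP TCP 192.168.10.21 192.168.10.5 50122 5555 52 S 1203948 0 64240 - - - RECEIVE
2024-03-01 09:14:09 DROP TCP 192.168.10.22 192.168.10.5 50310 5555 52 S 9981234 0 64240 - - - RECEIVE
2024-03-01 09:14:11 ALLOW TCP 192.168.10.5 192.168.10.1 49800 443 0 - 0 0 0 - - - SEND
2024-03-01 09:14:30 DROP UDP 192.168.10.40 192.168.10.255 137 137 78 - - - - - - - RECEIVE
"""


def parse_entries(text):
    """Yield one dict per log record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def blocked_inbound(text):
    """Group dropped inbound packets by (protocol, destination port)."""
    summary = defaultdict(lambda: {"count": 0, "sources": set()})
    for entry in parse_entries(text):
        if entry["action"] == "DROP" and entry.get("path") == "RECEIVE":
            key = (entry["protocol"], entry["dst-port"])
            summary[key]["count"] += 1
            summary[key]["sources"].add(entry["src-ip"])
    return dict(summary)


def report(text):
    """Return human-readable lines, most frequently dropped flow first."""
    rows = sorted(blocked_inbound(text).items(), key=lambda kv: -kv[1]["count"])
    return [f"{proto}/{port}: {info['count']} drops from {', '.join(sorted(info['sources']))}"
            for (proto, port), info in rows]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Not every dropped flow deserves a rule: broadcast noise such as the UDP/137 line should normally stay blocked, and an allow rule for the application's port can be scoped to the source addresses the summary lists.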



  • @wrcombs said in Windows Firewall:

    If we don't turn it off, it won't communicate with the back office PC and problems with credit card processing and general communication between front house and back office.

    By that logic, nobody would use a firewall anywhere, ever. But they are everywhere, and services are flowing through just fine.

    You need to create the proper rules to allow communication.



  • @black3dynamite said in Windows Firewall:

    Which firewall profile is active? It's possible that it was set up and working on private but then the profile was switched to public.

    For clarification, you are referring to the 3 profiles in Windows Firewall?



  • @wrcombs said in Windows Firewall:

    @black3dynamite said in Windows Firewall:

    Which firewall profile is active? It's possible that it was set up and working on private but then the profile was switched to public.

    For clarification, you are referring to the 3 profiles in Windows Firewall?

    Yes.



  • @wrcombs said in Windows Firewall:

    @black3dynamite said in Windows Firewall:

    Which firewall profile is active? It's possible that it was set up and working on private but then the profile was switched to public.

    For clarification, you are referring to the 3 profiles in Windows Firewall?

    Yes, Domain, Private and Public.



  • So it is possible to use Windows Firewall in our system, but instead of going through and creating rules in windows firewall, we just turn it off..



  • @black3dynamite said in Windows Firewall:

    @wrcombs said in Windows Firewall:

    @black3dynamite said in Windows Firewall:

    Which firewall profile is active? It's possible that it was set up and working on private but then the profile was switched to public.

    For clarification, you are referring to the 3 profiles in Windows Firewall?

    Yes, Domain, Private and Public.

    We turn all 3 profiles off to run our system. But from the sounds of it that is just the lazy thing to do.
    I don't make the rules, I was just curious why it wouldn't work. I've never heard of shutting it off before I started working here.



  • @wrcombs said in Windows Firewall:

    So it is possible to use Windows Firewall in our system, but instead of going through and creating rules in windows firewall, we just turn it off..

    That is a horrible practice. . .



  • If it's on a Microsoft Windows AD Domain, use the Domain profile. Is it?



  • @dustinb3403 said in Windows Firewall:

    @wrcombs said in Windows Firewall:

    So it is possible to use Windows Firewall in our system, but instead of going through and creating rules in windows firewall, we just turn it off..

    That is a horrible practice. . .

    Like I said, I don't make the rules, I just follow them, being only a month old in the company.
    I thought it sounded off when they were going through the system requirements with me.



  • @wrcombs said in Windows Firewall:

    @dustinb3403 said in Windows Firewall:

    @wrcombs said in Windows Firewall:

    So it is possible to use Windows Firewall in our system, but instead of going through and creating rules in windows firewall, we just turn it off..

    That is a horrible practice. . .

    Like I said, I don't make the rules, I just follow them, being only a month old in the company.
    I thought it sounded off when they were going through the system requirements with me.

    I didn't blame you, there are many horrible things we all have to fix on a regular basis. This one is up to you to fix.



  • @dustinb3403 said in Windows Firewall:

    @wrcombs said in Windows Firewall:

    @dustinb3403 said in Windows Firewall:

    @wrcombs said in Windows Firewall:

    So it is possible to use Windows Firewall in our system, but instead of going through and creating rules in windows firewall, we just turn it off..

    That is a horrible practice. . .

    Like I said, I don't make the rules, I just follow them, being only a month old in the company.
    I thought it sounded off when they were going through the system requirements with me.

    I didn't blame you, there are many horrible things we all have to fix on a regular basis. This one is up to you to fix.

    How would I go about telling my boss that this needs to be changed?
    This is the way they told me it was supposed to be.



  • @wrcombs said in Windows Firewall:

    @dustinb3403 said in Windows Firewall:

    @wrcombs said in Windows Firewall:

    @dustinb3403 said in Windows Firewall:

    @wrcombs said in Windows Firewall:

    So it is possible to use Windows Firewall in our system, but instead of going through and creating rules in windows firewall, we just turn it off..

    That is a horrible practice. . .

    Like I said, I don't make the rules, I just follow them, being only a month old in the company.
    I thought it sounded off when they were going through the system requirements with me.

    I didn't blame you, there are many horrible things we all have to fix on a regular basis. This one is up to you to fix.

    How would I go about telling my boss that this needs to be changed?
    This is the way they told me it was supposed to be.

    Eh. . . is your boss the easy going kind of person or do they seem like the type with a stick up their arse?



  • @dustinb3403 would both be an acceptable answer?



  • As for working to remedy the situation I would look to the vendor to tell you what ports need to be open on both the client and server.

    If they are useless and tell you "just disable the firewall" then set up Wireshark between the client and "back room" and see where and what is dropped when you have the firewall enabled.





  • @wrcombs said in Windows Firewall:

    @dustinb3403 would both be an acceptable answer?

    Doesn't really help to get a feeling for the person. . .



  • He is kind of both. Sometimes he has a stick up there and sometimes he's chill and laid back.
    It really depends on call load and if anybody is slacking off and not doing any work.



  • @wrcombs said in Windows Firewall:

    He is kind of both. Sometimes he has a stick up there and sometimes he's chill and laid back.
    It really depends on call load and if anybody is slacking off and not doing any work.

    Ask him if the only reason Windows Firewall is turned off is because nobody knew how to use Firewalls and needed a quick way to allow any and all communications to get the Point of Sales Terminals and Back Office PC talking.

    Maybe not in those exact words, but get at if there's no real reason to have it off, it should be on... especially if there's someone who knows how to use a firewall to set up the rule to make it work.



  • @obsolesce there isn't any reason to have the firewall off at all, which I get is your point and to tiptoe around the fact that whoever set this up like this needs to get slapped in the back of the head. . .

    Edit: Which of course might be your boss needing the slap in the back of his head @WrCombs . . .





  • @wrcombs said in Windows Firewall:

    I'm generally curious, why does Windows Firewall block communication between Point of Sales terminals and the back office PC?

    Because by default it should block everything. You certainly don't want that stuff wide open without having explicitly made it so. That's the whole purpose of the firewall is to block until allowed.


  • @wrcombs said in Windows Firewall:

    We supply Firewalls to every site because we turn windows firewall off,

    Someone should be fired for that. That's so bad.