CHAPTER 4: Types of Services
WatchGuard Firebox System
NOTE
Allowing SMB through the Firebox is extremely insecure, and is strongly
discouraged unless used through a VPN connection. These configuration
settings are to be used only if there is no other alternative, and service
icon settings should be as specific as possible.
Characteristics
• Protocol: SMB (over TCP and UDP)
• Server Port(s): 137 (UDP), 138 (UDP), 139 (TCP), 42 (TCP for WINS
  replication), 445 (TCP and UDP)
• Client Port(s): 136 (UDP), 137 (UDP), 139 (TCP)
• RFC: No RFC, but see: http://www.microsoft.com
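The following is an added example, not part of the WatchGuard guide and not Firebox code: a small audit that checks an exported rule list against the server ports listed above and the note's advice to keep SMB behind a VPN and as specific as possible. The rule schema, the field names (from_if, to_if, via_vpn), the interface name "external", the /24 threshold and the sample rules are all assumptions made for illustration.

```python
import ipaddress

# SMB/NetBIOS server ports as listed under Characteristics above.
SMB_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 42),
             ("tcp", 445), ("udp", 445)}

MAX_HOSTS = 256  # assumption: anything wider than a /24 counts as "not specific"

def too_broad(spec):
    """True if an address spec is 'any' or a network larger than MAX_HOSTS."""
    if spec.lower() == "any":
        return True
    return ipaddress.ip_network(spec, strict=False).num_addresses > MAX_HOSTS

def audit(rules):
    """Return (rule name, reason) findings for allow rules that pass SMB ports."""
    findings = []
    for r in rules:
        if r["action"] != "allow" or (r["proto"], r["port"]) not in SMB_PORTS:
            continue
        if r.get("via_vpn"):
            continue  # the note above accepts SMB only over a VPN connection
        if r["from_if"] == "external" or r["to_if"] == "external":
            findings.append((r["name"], "SMB crosses the external interface without VPN"))
        elif too_broad(r["src"]) or too_broad(r["dst"]):
            findings.append((r["name"], "source or destination is not specific"))
    return findings

# Constructed sample rules (hypothetical schema, RFC 1918 addresses).
SAMPLE_RULES = [
    {"name": "smb-trusted-to-nt", "action": "allow", "proto": "tcp", "port": 139,
     "from_if": "trusted", "to_if": "optional", "src": "10.0.1.0/24", "dst": "10.0.2.10/32"},
    {"name": "netbios-ns-wide", "action": "allow", "proto": "udp", "port": 137,
     "from_if": "trusted", "to_if": "optional", "src": "any", "dst": "10.0.2.10/32"},
    {"name": "smb-inbound", "action": "allow", "proto": "tcp", "port": 445,
     "from_if": "external", "to_if": "optional", "src": "any", "dst": "10.0.2.10/32"},
    {"name": "smb-branch-vpn", "action": "allow", "proto": "tcp", "port": 445,
     "from_if": "external", "to_if": "trusted", "src": "192.168.50.0/24",
     "dst": "10.0.1.5/32", "via_vpn": True},
    {"name": "web-out", "action": "allow", "proto": "tcp", "port": 80,
     "from_if": "trusted", "to_if": "external", "src": "any", "dst": "any"},
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_RULES):
        print(f"{name}: {reason}")
```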
Common Scenarios
Scenario 1
Description
Clients on the trusted interface need to talk to a Windows NT
server on the optional network. Although not required, WINS
servers should be installed on both trusted and optional networks;
configure the clients on the optional network to use the optional
WINS server as a primary and the trusted WINS server as a
secondary.
Configure the clients on the trusted interface to use the trusted
WINS server as a primary and the optional WINS server as a
secondary. If you use two WINS servers, it is beneficial to allow WINS
replication across the Firebox and to add the browser service to the
WINS servers.
Icons in the Services Arena
SMB is a multi-service icon. You may, however, need to add these
icons to your services arena:
- One UDP icon for port 137. Set client port to “port” to enable
NetBIOS lookups.