Windows Firewall Blocking All Traffic After Reboot and/or Updates
Customer may have some sort of perimeter firewall appliance (Cisco ASA, LVS, BSD, pfSense) with Windows Server(s) NAT'ed behind the firewall. In many of these scenarios on deployment or thereafter the local Windows Firewall may have been 'disabled' as the firewalling is happening at the perimeter appliance level.
Customer and/or Support may have restarted Windows server due to needing a reboot, updates, crashing. Likewise, customer and/or Support may have modified status of local Windows Firewall on server. All of a sudden, remote access, web services for that server are no longer accessible. Further symptoms can be, from the Windows server itself a ping can still successfully hit outside destinations or gateway, just cannot access remotely. Additionally, from the perimeter firewall appliance, you may not be able to ping the internal IP of the server.
Do not automatically assume it’s a perimeter firewall or networking issue without further troubleshooting.
- What recent changes have occurred?
- Was Windows server recently updated, rebooted, network modifications, etc ?
- Has there been any recent network changes, reboots on the perimeter firewall?
- If there are other servers behind the perimeter firewall are they operating normally, can you ping out successfully from firewall?
- Does the perimeter firewall appear to be operating normally?
- From the local Windows server can you ping its gateway or outside?
- From the perimeter firewall can you ping the local server internal IP?
A big clue to a potential local Windows Firewall block is where there's been no recent changes on the perimeter firewall but the Windows server successfully pings outwards but you cannot ping it from the perimeter firewall. If everything else seems fine on the perimeter firewall, this may indicate a scenario where the Windows Firewall may have re-enabled itself or has been modified to block all incoming traffic.
There are times when the Windows Firewall re-enables itself after reboots and/or Windows updates. This may have inadvertently blocked all incoming traffic.
- Access local Windows server.
- Depending on the Windows version, check in the Network Connections or Server Management section for the 'Windows Firewall'.
- Is it enabled or disabled for the interface or connection responsible for outside access?
- If enabled, disable the Windows Firewall and re-check remote accessibility aspects above.
- Did this restore access and web services?
- Able to ping internally from perimeter firewall to internal IP?