Closing ports using Sygate

Greetings! I am a user of the free version of the Sygate Personal Firewall. I was informed by the "Shields Up!!" security testing website that I should close external access to Port 1025. Please give instructions. Thank you. Mike

tenplay

If you have not done anything to open ports by setting some kind of rule or you have mis-configured the personal FW, then the ports are closed by default and are only open when a program behind the FW solicits traffic from a remote WAN/Internet IP. Sygate and Norton have testing sites too and there are others besides Shields-up. You should try some other sites and see what the results are to 1025 being open.

Duane :)

Duane Arnold

Mike,

I don't think that that version of Sygate has a direct way to configure which ports are open/listening, but if you go to Tools -> Application, you'll get a window showing a list of applications. If you then click the "Advanced" button at the bottom of that window, you'll get another window, and there are two radio buttons, "act as client" and "act as server".

I think that when the "act as server" button is selected/enabled, the/a port associated with the application is left open by Sygate.

For some reason that I've never understood, it seems like Sygate has both the "act as client" and "act as server" buttons set/enabled by default, and you have to go in manually as I described above to shut down potentially listening ports associated with applications.

Jim

ohaya

He needs to find out what program/service has the port open and then do as you mentioned above, remove the act as server check. That should fix the problem. If not, then he can indeed create an advanced rule to block that port if he's sure it's always 1025 that's open. I believe the free version of Sygate allows you 20 advanced rules, so that should be more than enough. You can block by port and address, etc.

Kerodo

snip...

To find out what application/service is running and holding local port 1025 open, just look on the Sygate main page at the Running Applications window. (Connection Details must be enabled under the View menu.) This will show application/service, protocol, connect/listen, ports (local/remote), and IP. Casey

Casey Klc
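
The same check can be made without the firewall's GUI, shown here as an added example that is not part of any post in this thread: it parses Windows `netstat -ano` output and reports which PID holds a port such as 1025 open on a network-reachable address. The sample output, PIDs and addresses are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1040
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       1712
  TCP    192.168.1.20:1187      203.0.113.10:80        ESTABLISHED     2260
  UDP    0.0.0.0:1026           *:*                                    1040
"""

# proto, local addr, local port, foreign addr, optional state (UDP has none), PID
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def listeners(netstat_text):
    """Return sockets that can receive unsolicited traffic:
    TCP sockets in LISTENING state and bound UDP sockets."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, _foreign, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # an established client connection is not a listener
        # Loopback-only sockets are not reachable from other machines.
        exposed = not (addr.startswith("127.") or addr == "[::1]")
        found.append({"proto": proto, "addr": addr, "port": int(port),
                      "pid": int(pid), "exposed": exposed})
    return found


def owners_of(port, netstat_text):
    """PIDs holding `port` open on a network-reachable address."""
    return sorted({s["pid"] for s in listeners(netstat_text)
                   if s["port"] == port and s["exposed"]})


if __name__ == "__main__":
    print("PID(s) holding port 1025 open:", owners_of(1025, SAMPLE))
```

The PID it reports can then be matched to a program name, for example in Task Manager with the PID column enabled.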

Casey,

I'm not the OP on this thread, but thanks for posting that info re. "Connection Details". I didn't know Sygate could show that, as after I installed it awhile ago, I mostly just leave it alone except for having disabled the "act as server" on as many apps as I could.

Jim

ohaya

snip....

Glad I could help a little. Casey

Casey Klc

I have the Pro version of Sygate.

I've never been able to figure out what needs to "act as server" and what doesn't. How does one assess this? For example, an anti-spam program attached to Outlook or my AV or...anything that goes and looks for updates?

TIA

Louise

louise

Any program/application running on your machine that initiates contact with a remote site *Acts as a Client*. Outlook acts as a client as it must initiate contact with the POP3 server in order to send and receive emails to/from the POP3 server.

If you had the Windows 2k Pro or XP Pro O/S and were running IIS as the Web server program, and you wanted people/clients to access the Web/FTP site, you would want the personal FW to accept unsolicited inbound connections (anyone on the Internet can connect and access your Web/FTP site) on port 80 for HTTP Web or ports 20 and 21 for FTP; then IIS on the machine behind Sygate must be set to *Act as a Server*, as that is a server program and it *serves* information to clients.

On the other hand, IE on your machine would be set to *Act as a Client* because IE must initiate contact to a Web server to access information on the Web server over the Internet.

In other words, if *Act as a Server* is set, all unsolicited inbound traffic will reach the program/application on the inbound port the application/program is listening on. If the setting is *Act as a Client*, then the program behind the PFW *must* initiate contact with the site before the PFW will allow inbound traffic back to the program on the inbound port the program is listening on - that's solicited traffic and the PFW is going to let that traffic through. If other inbound traffic comes from somewhere to the program on the port the program is listening on and was not solicited, that unsolicited inbound traffic is not solicited and is going to be blocked by the PFW.

99.9% of the programs running on your machine are client programs for Internet access and are making contact with server programs on the Internet. Server means it *serves* and client means it requests.

Duane :)

Duane Arnold
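
The solicited/unsolicited distinction described in the post above, as an added toy model that is not part of the thread and is not Sygate's implementation: outbound traffic creates state that admits the reply, and only an application with server permission receives traffic it did not ask for. The class, method and application names and all addresses are hypothetical.

```python
class PersonalFirewall:
    """Toy model of a per-application client/server permission."""

    def __init__(self):
        self.server_apps = set()  # applications allowed to "act as server"
        self.listening = {}       # local port -> application bound to it
        self.solicited = set()    # (local_port, remote_ip, remote_port) flows we opened

    def bind(self, app, local_port, act_as_server=False):
        self.listening[local_port] = app
        if act_as_server:
            self.server_apps.add(app)

    def revoke_server(self, app):
        # Equivalent of clearing "act as server" for one application.
        self.server_apps.discard(app)

    def outbound(self, local_port, remote_ip, remote_port):
        # A client initiating contact records state that admits the reply.
        self.solicited.add((local_port, remote_ip, remote_port))

    def inbound(self, local_port, remote_ip, remote_port):
        app = self.listening.get(local_port)
        if app is None:
            return "drop: no listener"
        if (local_port, remote_ip, remote_port) in self.solicited:
            return "allow: solicited reply"
        if app in self.server_apps:
            return "allow: act as server"
        return "drop: unsolicited"


def demo():
    fw = PersonalFirewall()
    fw.bind("browser", 1187)                          # client only
    fw.bind("svc-on-1025", 1025, act_as_server=True)  # hypothetical app holding port 1025
    fw.outbound(1187, "203.0.113.10", 80)             # browser contacts a web server
    results = [
        fw.inbound(1187, "203.0.113.10", 80),   # the web server's reply
        fw.inbound(1187, "198.51.100.7", 4444), # a stranger probing the client port
        fw.inbound(1025, "198.51.100.7", 4444), # a stranger reaching the server app
    ]
    fw.revoke_server("svc-on-1025")
    results.append(fw.inbound(1025, "198.51.100.7", 4444))  # same probe after the change
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```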

Applications like IE and Outlook and all your spyware and AV utilities do not need server permissions. They run as clients. Running them as a server means you're allowing incoming traffic through ports they use without the application first sending out packets and requesting a response. With Sygate, you have to be careful not to exclude networking drivers server permission. Your internet access will be blocked. Google for Sygate Forums; like:

optikl

Thanks - that makes the whole thing make some sense and I can hopefully figure it out from here.

Louise

louise

You're welcome. But you should take note of this. The settings are moot for you with Sygate sitting behind that NAT router you have, because the router is performing that function in front of the machine running Sygate.

The router stops all unsolicited inbound traffic to the machines behind the router and the machines *Act as Clients* as the program running on the machine *must* initiate contact with a remote site/WAN IP before the router will allow that traffic back to the machine - solicited inbound traffic back from the solicited WAN/IP.

Again, if the machine had an IIS Web server running and you wanted client machines on the Internet to make contact with the machine (all unsolicited inbound traffic to reach the Web server on the inbound ports 80 HTTP and 20 and 21 FTP), then the router must be configured with Port Forwarding rules to direct the inbound traffic on ports 80, 20 and 21 to the IP/machine that has IIS running.

In that respect, the machine running IIS with the ports forwarded on the router to the IP/machine running IIS, the machine is *Acting as a Server*. If the ports are forwarded on the router by you making rules for forwarding, the port is open to all public unsolicited inbound traffic. If you have not done that, then the port on the router only becomes open due to the machine behind the router making the solicitation.

The Acting as a Client and Acting as a Server with Sygate really only comes into play for a machine that has a direct connection to the Internet - no router or FW appliance between the modem and the computer.

However, it doesn't hurt to have Sygate supplementing the router to stop outbound traffic by setting outbound traffic rules with Sygate, for a router that doesn't have the ability to stop outbound traffic by setting rules.

Duane :)

Duane Arnold
