I'm trying Kerio out, and it seems to have a bad port logger. It's not picking up SMTP or POP. I wonder if Sygate would've seen it. (Ethereal sees it.) Why should Kerio miss that out? How is it deciding what to miss out?
Sometimes when browsing, pages weren't loading up, and a little red arrow flashes on the icon.
I disabled Kerio and immediately the page loaded up.
I opened the port logger and then went to logs... firewall log, to see what it was blocking. (Unlike Sygate, it doesn't include blocked connections in the screen of the port logger. It's elsewhere.)
I saw it had blocked "SSDP" - particularly. There was svchost.exe listening on my machine at 192.168.14.4:1900, and it was blocking incoming connections from my "NAT router" 192.168.1.1:20xy to my machine.
I thought PFWs didn't block svchost.exe. Anyhow, even after adding a rule to allow my router to connect to me (from any port) to me @ 1900, I was still getting red arrows and inaccessible and a list of SSDP blocked. I haven't noticed a problem loading up pages though. I then noticed that amongst all the ALLOWED, including allowed for outgoing svchost.exe, there was a deny for incoming to my port 1900 - svchost.exe.
Is it using a strict policy - a white list? Or a black list? It looks like a "white list", with many svchost.exe rules allowed. But I've just seen an explicit rule to *deny* SSDP incoming - from any IP, any port, onto my machine's port 1900. If it's a whitelist, why should it be necessary to say that? And isn't it a silly thing to deny anyway? It should be permitted in the white list! I have amended it to permit it from my router, any port, to my comp port 1900.
If only Sygate was fixed. It kicks Kerio to Pluto. Is there any way to nullify whatever security problem Sygate has with the open windows?!!
Actually, on trying to post this, Kerio gave 2 flashes of a red arrow pointing upwards, like giving me the finger. And it fails to post, listing nothing under blocked. Disabling Kerio lets me send this post!! I guess that problem is unique, but the rest probably are typical.