Norton 360 Firewall Traffic Rule

I’m using Norton 360, V. 21.2.0.38, on the three machines on my LAN but I’ve never done any configuration. I’ve just used the defaults that come with the standard Norton 360 installation. Recently, however, I ran into a problem with setting up IIS on Windows 8.1. I found that my Windows 7 computers could not see the web sites on the Windows 8.1 server machine. In fact, they could not even ping it. I’ve solved the problem by adding a new traffic rule to Norton 360 on the Windows 8.1 machine. The new rule is:

 

Allow, Direction: Inbound, Computer: Local subnet, Communications: any, Protocol: All

 

I’ve moved this rule to the top of the list to make sure it isn’t overridden. Is this OK? Have I created any security hazards with this rule? Or is there a better way to solve this problem?

 

Thanks,

Hi ldt42,
Since the rule deals with your local subnet, I assume it's safe.
Make sure you are using proper subnets (using subnetting and CIDR) and private IPv4 addresses. (Relative address for IPv6, if required.)

I would also suggest pinning down the protocols to HTTP, if that is the only thing you want to be accessed. That way you can reduce risks a lot!
Hope it helps… Post back in case of doubts.

" Make sure you are using proper subnets (using subnetting and CIDR) and private IPv4 addresses. ( Relative address for IPv6, if required)"

 

I would be very interested to know how this could be done with a home router... and also the purpose of assigning different subnets for only 3 machines on the same LAN.

Nikhil_CV, are you familiar with the purpose of subnetting???

 

Regards,

Hi Apostolos,
Nice point to be noted.
I meant, use subnetting in such a way that the usable range of IPs is reduced / cut down to the required no. of IPs.

(Oh! I have been a CCNA for the past 2 years, so I think I know what I am dealing with, but I didn't mean to offend you by this reply. ;))

Hi Nikhil_CV,

 

No offense taken, but still would like to know how you would assign subnets on a home router.

I do not think OP has a 2900 Series or similar at home to do this.

 

Regards,

Hi Apostolos,
Maybe the comment about subnetting came at the wrong time. Since OP hasn't told anything about the router, that suggestion is not up to the occasion.
(Certain high end home/SOHO routers can do subnetting in a way. Having said about cisco2900, there are simulators which can connect simulated devices to the real world ;). Home routers/modems have the ability to use a limited number of IPs, which comes under a large subnet, i.e. like 192.168.1.100 to 192.168.1.25 under 255.255.255.0 etc., and if wireless enabled (in some wired ones) they have VLANs to separate the network.)
Let's not go too deep into that. (It's not a n/w forum, so things may go off-topic.)
Again, I hope no one is hurt by my comments. :)

Hi Nikhil_CV,

 

Thanks for the suggestions. I've modified the rule for TCP, port 80 (HTTP) only. I can still see the web sites but can no longer ping the server machine which is as it should be (ping uses ICMP if I'm not mistaken.)

 

Thanks,

ldt42

That's because only port 80 traffic is now allowed for inbound.
Even though your ping request reaches the server, its reply gets blocked at firewall of your firewall.

Since the post has already been answered, I'll throw in my 2 cents.

 

You don't really need to have a high end router to perform subnetting on a private network because since Norton is the firewall it could handle the subnetting.

When you make the advanced rule, just don't choose "Any Computer on the Local Subnet"

 

Choose "Only the Computers and Sites Listed Below"

Then select "Using a Network Address".

 

Put your local gateway and subnet into the boxes.

For the subnet, using the last octet of 252 or 258 will give you 2 or 6 hosts respectively.

 

However I don't recommend that on a home network, that would be rather silly.

Just give everyone on the home network full trust and don't allow untrusted people into your home, or lock things down with user groups and folder permissions.

 

Personally I would have used the network security map to assign trust levels rather than rules since it's easy to forget about your custom rules if you ever need to change things down the line.

 

Dave
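
The effect of narrowing the rule from "Protocol: All" to TCP port 80, and of scoping the source by network address and mask as described in the last post, modelled as an added example (not written by anyone in this thread and not Norton's code). The addresses, the first-match evaluation and the default-block fallback are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    source: str                 # network the rule applies to (CIDR or address/mask)
    protocol: str               # "tcp", "udp", "icmp" or "all"
    port: Optional[int] = None  # destination port; None means any

@dataclass(frozen=True)
class Packet:
    src: str
    protocol: str
    dport: Optional[int] = None  # ICMP has no port

def matches(rule: Rule, pkt: Packet) -> bool:
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.source):
        return False
    if rule.protocol != "all" and rule.protocol != pkt.protocol:
        return False
    return rule.port is None or rule.port == pkt.dport

def evaluate(rules, pkt, default="block"):
    # Assumption: first matching rule wins, unmatched inbound traffic is blocked.
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default

# Constructed sample values: a typical home LAN and three inbound packets.
LAN = "192.168.1.0/24"
BROAD = [Rule("allow", LAN, "all")]           # the original rule
NARROW = [Rule("allow", LAN, "tcp", 80)]      # the rule after the fix
SCOPED = [Rule("allow", "192.168.1.0/255.255.255.252", "tcp", 80)]  # address + mask

HTTP = Packet("192.168.1.10", "tcp", 80)
PING = Packet("192.168.1.10", "icmp")
SMB = Packet("192.168.1.10", "tcp", 445)

def exposure(rules):
    """Return what each sample packet gets under the given rule list."""
    return {name: evaluate(rules, pkt)
            for name, pkt in (("http", HTTP), ("ping", PING), ("smb", SMB))}

if __name__ == "__main__":
    for label, rules in (("broad", BROAD), ("narrow", NARROW), ("scoped", SCOPED)):
        print(label, exposure(rules))
```

The broad rule admits every service the server listens on to any LAN host, while the narrowed rule leaves only the web site reachable; the masked rule additionally drops HTTP from 192.168.1.10 because that address falls outside the two-host range.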