I’m trying to think of a proper reason for my first technical post to be about the Windows Defender Firewall, since I don’t actually consult it that much. With (hardware) network appliances providing more than capable monitoring/analyzers, or even old-school switch ACLs, why go through the trouble of using Windows Defender Firewall logs, which are neither viewable in real time nor written in a particularly convenient file format?
Well… Most of the time there probably isn’t a very good reason to. However, it does offer a few advantages:
- You can’t get much closer to the source than the OS logging itself, right? At this level you’ll be sure to see whether a packet even reaches the system and, if it does, how it is processed (allowed or dropped, and in which direction).
- A lot of (enterprise) networks still have their VLAN gateways reside on switch virtual interfaces, which makes it unfriendly to monitor inter-VLAN traffic via VACLs or PACLs.
- Wireshark will always be a much better choice to monitor incoming or outgoing traffic on an OS’s NIC. However, most sysadmins do not wish to install third-party tools on their VMs, especially tools such as Wireshark, which can have a negative effect on reliability and performance within a production environment.
- A sysadmin will not always have authorization to network equipment. If you want to ‘prove’ to a network admin whether or not network traffic arrives at a specific host, the host’s own firewall log is a proper indication.
As a real-life example, I wanted to back up a WLC’s config over TFTP, which defaults to UDP/69. The file failed to upload to the TFTP server, and seeing that both hosts resided within the same subnet (so no router or switch ACL in the path), chances were that the Defender Firewall on the TFTP server blocked the incoming traffic.
So let’s confirm the theory, right? For this situation I created a PowerShell script that makes it easier to go through the logs…
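To show what such a check looks like in practice, here is an added example (written for this page, not the author’s own script): it parses the firewall log into objects using the `#Fields:` header the log itself carries, then lists every DROP towards a given destination port. The default log path and the `-LogBlocked` switch are the real Windows defaults and cmdlet parameters; the log lines in `$SampleLog` are constructed to mimic the layout, not captured from a real host, and `-DstPort 69` matches the TFTP case above.

```powershell
# Added example, not the original post's script.
# Lists DROP records for one destination port from the Windows Defender Firewall log.
# Dropped-packet logging is off by default; enable it first with:
#   Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True
param(
    # Default log location on Windows; override if LogFileName was changed in the profile.
    [string]$LogPath = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log",
    [int]$DstPort    = 69,      # TFTP, as in the WLC backup scenario
    [switch]$UseSample          # run against the constructed sample instead of a real log
)

# Constructed sample in the same W3C-style layout the firewall writes (not real data).
$SampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2023-01-05 10:21:33 DROP UDP 192.168.10.5 192.168.10.20 52341 69 46 - - - - - - - RECEIVE
2023-01-05 10:21:34 DROP UDP 192.168.10.5 192.168.10.20 52341 69 46 - - - - - - - RECEIVE
2023-01-05 10:21:40 ALLOW TCP 192.168.10.20 192.168.10.7 50112 445 0 - 0 0 0 - - - SEND
2023-01-05 10:21:41 DROP TCP 10.0.0.9 192.168.10.20 44120 3389 52 S 1234 0 8192 - - - RECEIVE
2023-01-05 10:21:42 DROP ICMP 10.0.0.9 192.168.10.20 - - 84 - - - - 8 0 - RECEIVE
'@ -split "`r?`n"

function ConvertFrom-FirewallLog {
    # Turns raw log lines into objects whose property names come from the #Fields header,
    # so a changed column layout does not silently misalign the data.
    param([string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') {
            $fields = $Matches[1] -split '\s+'
            continue
        }
        # Skip the remaining header lines and blank lines.
        if ($line -match '^#' -or [string]::IsNullOrWhiteSpace($line)) { continue }
        if (-not $fields) { throw "No '#Fields:' header found before the first record in the log" }
        $values = $line -split '\s+'
        $record = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) {
            $record[$fields[$i]] = if ($i -lt $values.Count) { $values[$i] } else { $null }
        }
        [pscustomobject]$record
    }
}

$lines   = if ($UseSample) { $SampleLog } else { Get-Content -Path $LogPath -ErrorAction Stop }
$records = ConvertFrom-FirewallLog -Lines $lines

# Compare the port as a string: ICMP records carry '-' in the port columns, which an [int] cast would choke on.
$hits = $records | Where-Object { $_.action -eq 'DROP' -and $_.'dst-port' -eq "$DstPort" }

# 'path' is RECEIVE for inbound and SEND for outbound, which answers "did it reach the host, and what happened?"
$hits |
    Select-Object date, time, protocol, 'src-ip', 'dst-ip', 'src-port', 'dst-port', path |
    Format-Table -AutoSize

# Per-source summary, so one chatty client does not hide another.
$hits | Group-Object 'src-ip' | Select-Object @{ n = 'src-ip'; e = { $_.Name } }, Count
```

Run with `-UseSample` to see the two UDP/69 drops from 192.168.10.5 surface while the RDP and ICMP drops are left out; without the switch it reads the live log (run elevated, since the LogFiles folder is not world-readable). The firewall buffers entries before flushing them to disk, so tailing the file with `Get-Content -Wait` lags a little behind the actual traffic, which is the "not real time" caveat from the introduction.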
Howdy! 🤠
2023 is here. A fresh new year which, for me, starts off with a New Year’s resolution: to hopefully return some value to the www, which has taught me so much over the years.
Over here I will try to focus my posts as much as possible on providing relatively easy-to-understand tutorials, scripts and how-tos, with a strong focus on real-life IT (networking) challenges.