Events 5152 and 5157 for SNMP
I have a Windows 2008 server that is configured as a domain controller. We use a product called Nagios to monitor its services and status. It uses SNMP for communications between the Nagios server and the DC. I am getting two events (5152 blocking a packet, and 5157 blocking a connection) in the security event log. The application name is SNMP.

On the Windows firewall I have set the Inbound and Outbound firewall rules to enable the SNMP service on ANY profile. Yet when I run a port scan against that server these two security events seem to tell me that the firewall is ignoring my inbound and outbound rules that allow SNMP and instead blocks that traffic. I've also restarted the SNMP service, the firewall, and even rebooted the server. I'd appreciate any ideas. Here's what the events say.

The Windows Filtering Platform blocked a packet.

Application Information:
    Process ID: 3048
    Application Name: \device\harddiskvolume1\windows\system32\snmp.exe

Network Information:
    Direction: Inbound
    Source Address: (my Win 2008 server's IP)
    Source Port: 161
    Destination Address: (The IP address of our Nagios server)
    Destination Port: 47369
    Protocol: 17

Filtering Information:
    Filter Run-Time ID: 83263
    Layer Name: Receive/Accept
    Layer Run-Time ID: 44
April 19th, 2010 10:52pm

Hi,

You may use the PortQry utility to confirm whether the port is blocked by the firewall.

New features and functionality in PortQry version 2.0
http://support.microsoft.com/kb/832919

Description of the Portqry.exe command-line utility
http://support.microsoft.com/kb/310099

Hope it helps.

This posting is provided "AS IS" with no warranties, and confers no rights.
April 23rd, 2010 11:31am

Hi Joson and thanks for your reply. I installed PortQry 2.0 and ran a UDP port 161 scan on that server. Here are the results:

=============================================
Starting portqry.exe -n 10.25.4.41 -e 161 -p UDP ...

Querying target system called: 10.x.y.z
Attempting to resolve IP address to a name...
IP address resolved to MYSERVER.mydomain.com
querying...
UDP port 161 (snmp service): LISTENING or FILTERED
community name for query: public
Sending SNMP query to UDP port 161...
UDP port 161 (snmp service): FILTERED
portqry.exe -n 10.x.y.z -e 161 -p UDP exits with return code 0x00000002.
====================================================

For the firewall settings I have the following:

Desc            Name                      Group          Profile   Enabled
inbound rule    SNMP Service (UDP In)     SNMP Service   Any       Yes
outbound rule   SNMP Service (UDP Out)    SNMP Service   Any       Yes

Not sure why it says FILTERED instead of LISTENING when I have port 161 wide open on the firewall. This is not the only Win 2008 Svr we have with this problem but it's representative of the same problem with the others, too. Again, the network firewall is also wide open for port 161. That should be obvious from the event log entries (that port request is reaching the server) but I thought I'd mention that. Any help or suggestions would be greatly appreciated.
April 23rd, 2010 5:44pm

Hi,

To narrow down the cause of the issue, you may temporarily disable the Windows Firewall on the server and check the result of the portqry utility.

This posting is provided "AS IS" with no warranties, and confers no rights.
April 26th, 2010 10:36am

I had already tried that. I disabled the firewall. It had no effect on the problem or the port scan.
April 28th, 2010 8:49pm

This topic is archived. No further replies will be accepted.
