User guide

CHAPTER 5: Types of Services
66 WatchGuard Firebox System 6.0
NOTE
Allowing SMB through the Firebox is extremely insecure, and is strongly
discouraged unless used through a VPN connection. These configuration
settings are to be used only if there is no other alternative, and service
icon settings should be as specific as possible.
Characteristics
Protocol: SMB (over TCP and UDP)
Server Port(s): 137 (UDP), 138 (UDP), 139 (TCP), 42 (TCP for WINS replication)
Client Port(s): 136 (UDP), 137 (UDP), 139 (TCP)
RFC: No RFC, but see: http://www.microsoft.com
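The following is an added example, not part of the original guide or of any WatchGuard tool: a small Python audit that flags allow rules for the server ports listed above when the source or destination is not specific and the rule is not carried over a VPN. The rule format, the field names, and the /24 threshold for "specific enough" are assumptions made for illustration.

```python
import ipaddress

# Server ports from the Characteristics list above: (protocol, port).
SMB_SERVER_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 42)}
ANY = ipaddress.ip_network("0.0.0.0/0")


def audit_rule(rule, min_prefix=24):
    """Return findings for one allow rule; an empty list means no finding.

    rule keys (hypothetical export format): name, proto, port, src, dst, vpn.
    min_prefix is an assumed threshold, not a vendor-defined value.
    """
    if (rule["proto"].lower(), rule["port"]) not in SMB_SERVER_PORTS:
        return []
    if rule.get("vpn"):
        return []  # the note accepts SMB when it is used through a VPN
    findings = []
    for side in ("src", "dst"):
        net = ipaddress.ip_network(rule[side], strict=False)
        if net == ANY:
            findings.append(f"{side} is Any")
        elif net.prefixlen < min_prefix:
            findings.append(f"{side} {net} is broader than /{min_prefix}")
    return findings


def audit(rules):
    """Map rule name -> findings for every rule with at least one finding."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule["name"]] = findings
    return report


# Constructed sample rules; names and addresses are illustrative only.
SAMPLE_RULES = [
    {"name": "netbios-ns-any", "proto": "udp", "port": 137, "src": "0.0.0.0/0", "dst": "10.0.2.10/32"},
    {"name": "smb-trusted-to-nt", "proto": "tcp", "port": 139, "src": "10.0.1.0/24", "dst": "10.0.2.10/32"},
    {"name": "wins-repl-wide", "proto": "tcp", "port": 42, "src": "10.0.0.0/8", "dst": "10.0.2.11/32"},
    {"name": "smb-over-vpn", "proto": "tcp", "port": 139, "src": "0.0.0.0/0", "dst": "10.0.2.10/32", "vpn": True},
    {"name": "https-any", "proto": "tcp", "port": 443, "src": "0.0.0.0/0", "dst": "10.0.2.20/32"},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(name, "->", "; ".join(findings))
```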
Common Scenarios
Scenario 1
Description
Clients on the Trusted interface need to talk to a Windows NT
server on the Optional network. Although not required, WINS
servers should be installed on both Trusted and Optional
networks; configure the clients on the Optional network to use the
Optional WINS server as a primary and the Trusted WINS server
as a secondary.
Configure the clients on the Trusted network to use the Trusted WINS
server as a primary and the Optional WINS server as a secondary.
If you choose to use two WINS servers, it is beneficial to
allow WINS replication across the Firebox and to add the
Browser Service to the WINS servers.
Icons in the Services Arena
SMB is a multi-service icon. You may, however, need to add these
icons to your services arena:
- One UDP icon for port 137. Set client port to “port” to enable
NetBIOS lookups.