LAN users cannot access the Internet with the Worry-Free Business Security (WFBS) Personal Firewall service running on the server

- Updated:
- 24 Nov 2016
- Product/Version:
- Worry-Free Business Security Standard/Advanced 8.0
- Worry-Free Business Security Standard/Advanced 9.0
- Platform:
- Windows 2003 Home Server
- Windows 2003 Small Business Server
- Windows 2003 Standard Server Edition
- Windows 2008 Essential Business Server
- Windows 2008 Small Business Server
- Windows 7 32-bit
- Windows Vista 32-bit
- Windows XP Professional

Summary

The server acts as an Internet connection gateway for LAN users when the personal firewall service is running. However, even without policy deployed, users cannot connect to the Internet. It only works when the service is stopped and/or disabled.

Details

This case is similar to the issue of the Common Firewall on VMWare machines, where the host operating system (OS) forwards the packets to the VMWare's IP and not to the IP of the host OS. As a result, the packets will not match any rule in the host OS' personal firewall, causing the packets to be affected by the anchor rule. Unfortunately, our anchor rule is DENY, so the VMWare's incoming packets will be dropped.

In this case, the server forwards the packets from LAN to the Internet. This causes all the packets to be blocked.

To resolve this issue:

Open the Registry Editor (regedit.exe).

Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
Look for the [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW] registry hive.
Add the following registry key:
"EnableGlobalPfwBypassRule" value = 1
where: 1 = enable; 0 = disable (default)