locked
hnetcfg functionality for commercial firewalls? RRS feed

  • Question

  • I'm using hnetcfg methods to manipulate Windows Firewall and wonder whether there's similar functionality that will work with commercial firewalls.  For instance, if someone is running a Symantec firewall can I open or close ports on it using hnetcfg or something similar, without having to care which vendor it belongs to?

    Thanks in advance.

    wip

    Friday, March 30, 2012 4:54 PM

Answers

  • The interface used by security center for firewall status and nothing else.

    hnetcfg can only control windows firewall. To control other firewalls, You have to contact the each and every vendor.



    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP

    • Marked as answer by wcfWIP Saturday, March 31, 2012 5:10 AM
    Saturday, March 31, 2012 3:34 AM

All replies

  • Symantec endpoint manages Windows Firewall settings, if you use hnetcfg you are probably conflicting with Symantec. 

    You have to contact the each and every vendor about API access, there is probably only one common programming interface of firewalls, which is to report its on-off status to the security center.



    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP

    Friday, March 30, 2012 10:21 PM
  • Thanks for your reply.  I'm glad to hear there might be a common programming interface. In fact, that is exactly what I am looking for; so if you could tell me where I could find it I'd be much obliged.

    Friday, March 30, 2012 11:31 PM
  • The only obligation in the interface is to tell Windows the firewall's status so you can see the status in the security center. Other than that, there is no API. Microsoft does not ask for what it does not need.


    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP

    Friday, March 30, 2012 11:34 PM
  • Super. I'll take two.  But I'm not quite sure which interface we're talking about... 

     "The only obligation in _the_ interface...", 

    "Other than _that_, ..."

    Which interface are you referencing?  The hnetcfg object? If so, are you saying one or more of the methods or properties is supported by all firewalls?

    Sorry if I'm not getting it; I appreciate your patience.

    Saturday, March 31, 2012 2:08 AM
  • The interface used by security center for firewall status and nothing else.

    hnetcfg can only control windows firewall. To control other firewalls, You have to contact the each and every vendor.



    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP

    • Marked as answer by wcfWIP Saturday, March 31, 2012 5:10 AM
    Saturday, March 31, 2012 3:34 AM
  • Got it!  "Security Center". I still couldn't find an interface per se but I assume you're talking about using WMI with \\HOSTNAME\ROOT\SecurityCenter:FirewallProduct to find out whether a product is installed or not.   That's from

    http://www.codeproject.com/Articles/49210/Windows-XP-Security-Center

    Thanks.

    Saturday, March 31, 2012 5:10 AM