05-28-2013 08:58 AM
Hello,
I need to know what Windows Firewall rules need to be set for TestStand/CVI to see the ARP protocol. We see nothing, no ethernet traffic.
I have a system (Army Gold Master 7, using TestStand and CVI) that has "standard" government firewall rules. We are trying to communicate over Ethernet to specialized devices and we see no traffic unless we disable the firewall. We are not on the internet (not allowed by gov). The specialized devices send out a broadcast for request for IP but the software never sees it.
I've added rules (inbound and outbound) to allow traffic to and from my application (CVI application that does a lot of TestStand ActiveX calls). In the logs I saw something about cviproxy so I set rules to allow that. I've set allow rules for TestStand Runtime engine. I've also turned off Windows Defender.
Any suggestions? BTW, we will not be allowed to turn off the firewall once it's deployed.
Thanks
05-29-2013 01:24 PM
Hey Joe,
I did some checking into this, and generally, CVI does not implement ARP packet processing itself--rather, it uses Windows' built-in functionality to receive ARP packets and assign IP addresses. ARP is contained in the Ethernet protocol itself, and is lower-level than the concept of ports, so the Windows Firewall cannot directly block ARP packets.
Is your CVI software intended to process ARP packets in some way, or are you just wanting to communicate with the devices over Ethernet? If it is the latter, then the IP assignment should happen outside of CVI, and with regards to CVI you would only need to make sure that the correct port was open for communication with the specialized device. This port number would be dependent on the device configuration itself.
When you disable the firewall and are able to communicate with the device, how does the device receive its IP address? For example, is it automatically assigned one by Windows or your router (with DHCP) or does it have a static IP assigned to it? It's possible that the IP is getting assigned, but since the specific communication port is blocked by the firewall, communication cannot occur.
I hope this helps a bit, and if you can let us know the answers to those questions, we can hopefully provide more insight into the situation.
05-29-2013 01:32 PM
I implemented the ARP processing.
I also figured out that putting a rule in the Firewall rules doesn't necessarily work. I read somewhere that Group Policy Firewall Rules override all others. So I put a rule in the GP and it worked, all the traffic got through.
Thanks for your help
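
A way to check the behaviour reported in the last post, as an added example that is not part of the original thread: it shows, per firewall profile, whether locally created rules are merged with Group Policy rules, and lists the effective rules for one program together with the store each came from. It assumes the NetSecurity cmdlets are available (Windows 8 / Server 2012 or later) and an elevated prompt; the program path is a placeholder.

```powershell
# Placeholder: path of the application whose traffic is being dropped.
$ProgramPath = 'C:\Path\To\YourApp.exe'

# 1. Effective per-profile settings (ActiveStore = local + Group Policy combined).
#    AllowLocalFirewallRules = False means rules created on the machine itself
#    are ignored and only rules delivered by Group Policy are enforced.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, AllowLocalFirewallRules |
    Format-Table -AutoSize

# 2. Effective rules that reference the program, with their origin.
#    PolicyStoreSourceType distinguishes Local rules from GroupPolicy rules;
#    PolicyStoreSource names the GPO or store that supplied the rule.
$rules = Get-NetFirewallApplicationFilter -PolicyStore ActiveStore -Program $ProgramPath |
    Get-NetFirewallRule

if (-not $rules) {
    Write-Output "No effective rule references $ProgramPath"
} else {
    $rules |
        Select-Object DisplayName, Direction, Action, Enabled, Profile,
                      PolicyStoreSourceType, PolicyStoreSource |
        Sort-Object Direction, PolicyStoreSourceType |
        Format-Table -AutoSize
}

# 3. Flag the mismatch described in the thread: a local allow rule exists for
#    the program, but the active profile does not merge local rules.
$noMerge = Get-NetFirewallProfile -PolicyStore ActiveStore |
    Where-Object { $_.Enabled -eq 'True' -and $_.AllowLocalFirewallRules -eq 'False' }
$localAllow = $rules |
    Where-Object { $_.PolicyStoreSourceType -eq 'Local' -and $_.Action -eq 'Allow' }

if ($noMerge -and $localAllow) {
    Write-Output ("Local allow rules exist but are not merged on profile(s): " +
                  ($noMerge.Name -join ', ') +
                  ". The rule has to be added through Group Policy.")
}
```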