AVG Firewall not allowing LAN access to gateway

[valraven]

I just installed AVG Internet Security v 7.5.0.460 on a computer running Windows 2000 SP4 that acts as a web & email server & gateway between the internet and a local network. This computer has two network adapters: one for the local area network and one to the ISP.

When the Firewall is activated, the computers on the local network _can_ access external sites, like google.com & grisoft.com. However, they _cannot_ access the web pages or email accounts on the gateway computer. When the Firewall is deactivated, we have full access. Using RDC I was able to confirm the website is accessible from computers outside the local network.

I ran the Firewall Automatic Configuration Wizard as part of the installation. I went to the "Network" tab of the firewall configuration and unchecked the box for the local network as my understanding is this deactivates the firewall for IP addresses in the range listed (User Guide, pg 108). I also followed the instruction of FAQ #258 & 278 to make sure Windows print & filing sharing, Internet Connection Sharing and DNS_Server were allowed.

From any of the LAN computers I can ping the LAN NIC in the gateway, but not the NIC connected to the internet.

Here is the log entry when we try to access the website. A similar log entry is made when we try to access the e-mail account (POP) except the port number is 110.
Date and time: 2007-08-25 11:15:14
Action: Block
Application: Filter Device
Protocol: TCP
Direction: In
Local address: Gateway IP:80
Remote address: LAN Node IP:4186

Can anyone please help me get this resolved so I can get retrieve & send e-mail again!!

Thanks!
L

 

[drchuck59]

I get this all the time in AVG. Did you not get an "Ask" response for the device? Usually AVG will confirm that you want the calling software to access the IP.

Did you add the network IP address to your "Remote Networks"? You need to add this or the Inet NIC will be considered "foreign" and receive the same filtering as anonymous Inet websites. You may need to add rules to your newly defined network (but usually not).

Unchecking a network does not remove it from the firewall! It actually defaults your network to the "All other network" rules.


Chuck Kowalewski
"Forget world peace. Visualize using your turn signal.

 

[valraven]

Thanks for the reply.

AVG never asks us to allow or block when we try to retrieve mail or access the web server from the internal network. It obviously knows it's blocking because we see the log entry, but it never gives us an opportunity to set up a rule to allow the access.

I did set up a remote network with the range of IP addresses for our internal network. But those same IP addresses are found in the adapter list. Checking or unchecking the NIC or network does not affect how the firewall behaves.

What I really want to do is tell AVG to allow all traffic on the one NIC, but so far I haven't been able to figure out how to do that. Any ideas?

Thanks!
L