(Note: this applies to Windows 7 and may or may not work with newer versions.)
Following steps will lead you to the rule blocking your connection:
- Open a Windows console (with Administration rights) to enter commands
- Enable the audit for Windows Filtering Platform (WFP):
- run command:
auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:enable /failure:enable
- run command:
auditpol /set /subcategory:"Filtering Platform Connection" /success:enable /failure:enable
- (This may drown you in Event Log data - enabling only failure audits, and possibly only connection failures will reduce the number of log entries. Be selective about what you actually need)
- Reproduce the issue
- Run command:
netsh wfp show state
(this creates a XML file in the current folder)
- Open the event viewer: Run (Windows+R) >
eventvwr.msc
- go to "Windows logs" > "Security"
- in the list, identify the dropping packet log (hint: use the Search feature on the right menu, searching for items (source IP, destination port, etc.)
specific to your issue)
- in the log details, scroll down and note the filter ID used to block the packet
- Open the generated XML file:
- search for the noted filterID, and check out the rule name (element "displayData > name" on the corresponding XML node)
This will give you a good start to find the blocking rule.
When you're done, don't forget to turn off the audit:
- run command:
auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable
- run command:
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable
Note: depending on your Windows language setting, the auditing service might use different non-English names. To find the subcategory names, run command: auditpol /get /category:*
and find subcategories which correspond to "Filtering Platform Packet Drop" and "Filtering Platform Connection" in the system language.
I've often wanted to do this too, but it seems that the built-in Windows firewall doesn't have much to offer in this regard. I'd be interested to know if you find a solution for getting more detailed logging. – David Woodward – 2016-10-01T04:22:52.117
The Windows firewall is really to protect your PC from the network, not the network from your PC. The network should have its own firewall to protect it. – Ron Maupin – 2016-11-02T18:47:03.127