Allow SMB (File Sharing) connections from other local networks

[libove]

I have two LANs, connected to each other by a permanent VPN.

LAN1 is 192.168.255.0/26 and LAN2 is 192.168.254.0/26.

With Kaspersky Security Cloud Firewall disabled on two computers, COMPUTER1 on LAN1 and COMPUTER2 on LAN2, the Windows 10 built-in firewall rules (which I have updated to allow File Sharing connections to/from both of the above networks) work correctly. That is, folders shared by COMPUTER1 may be accessed from COMPUTER2, and folders shared by COMPUTER2 may be accessed from COMPUTER1.

If the Kaspersky Security Cloud Firewall is enabled on EITHER COMPUTER1 OR COMPUTER2 then no file sharing works at all between these two computers.

I looked at the configuration settings for the Kaspersky Security Cloud Firewall and I find a ridiculously long list of “Microsoft” applications, none of which appear to be file sharing/ SMB.

I see lists of Networks, and other discussion threads that talk of setting networks to public or private status (similar to what Microsoft introduced back in, what, Vista?) but at first glance this doesn't seem to be the way to do it, given that COMPUTER1 on LAN1 (192.168.255.0/26) is not connected directly to “a network” that represents LAN2 (192.168.254.0/26), so I don't see which “network” (as Kaspersky sees networks) I should make ‘trusted’(?)

Other than turning off the Kaspersky Security Cloud Firewall component completely (which I'm very happy to do, as long as it DOES let Windows’ built-in firewall operate - DOES IT?), what is the “right” way in Kaspersky Security Cloud to tell the Firewall component on LAN1 (192.168.255.0/26) “It is okay to do SMB File Sharing to and from computers on LAN2 (192.168.254.0/26)"?

thank you.

 

[andrew75]

@libove, try to create a packet rules allowing access.

The rule must be at the top of the list.

[libove]

Instead, I edited my Trusted networks to include the IP address range at the other end of the VPN connection. That worked. (I had to edit one-or-more such Trusted networks, being that my various computers may connect to various wired subnets or wireless SSIDs in each of my homes from time to time).

(Kaspersky's distinction between “local” and “trusted” networks is confusing, and I hope that I'm correct in believing that Kaspersky would understand the difference between this computer's WiFi adapter being connected to a network called “MyHomeSSID” and connecting to any other WiFi network, or especially being connected to some other WiFi network that happens to have the same text SSID but a different BSSID underlying).

I didn't look deeply into packet rules. So I don't know if maybe there is a pre-defined SMB/CIFS/file sharing rule available that may be applied to specific networks or IP ranges. There should be. Just “adding a packet rule” for something as well defined as “permit SMB/CIFS/file sharing with [other network]” would be far more detailed than it should need to be.

I am impressed by the capability of Kaspersky Security Cloud (and the 2021MR2 release 21.2.16.590 reorganizes some parts of the user interface in definitely more intuitive ways) but the product still has a long way to go to good usability.

Thanks to those who responded for their help.

 

[Berny]

@libove Also :

Kaspersky > Settings > Protection > Firewall > Configure packet rules :

=> Local services (TCP) > Rightclick > Edit > Action : "Allow" > Save
=> Local services (UDP) > Rightclick > Edit > Action : "Allow" > Save
=> Reboot

[libove]

This is what I mean about too-hard-to-use interfaces and inadequate documentation.

How would a user - even a technical user (I've been around the block a few thousand times) - know that allowing “Local services” would enable SMB/CIFS file sharing?

Why would I believe that enabling something seemingly broad like “Local services” (ALL local services? telephony? games? sound? PnP? and a hundred more “local” “services”?) would not open up FAR more than needed (which is just, clearly, plainly, SMB/CIFS file sharing)?