[KBA-00596] Recommended Windows firewall settings for Omnicast™ - Omnicast™ 4.0 - 4.8

Series: Omnicast™ 4.0 - 4.8
Revised/modified: 2012-03-12

This article explains how to configure the Windows Firewall settings in order to avoid any conflicts with Omnicast software.

Summary

Omnicast is IP-based software that relies on network communication to work properly. The Windows Firewall is meant to protect the computer from harmful network traffic; however, it can also block traffic that is destined for an Omnicast service or application.

In order to have a working Omnicast system, it is necessary to carefully configure the Windows Firewall on each computer running the Omnicast software. This applies to the client stations (running Config Tool, Live Viewer, Archive Player) and to the servers (running services such as the Omnicast Directory, Gateway, Archiver, etc.).

More Information

Here are the recommended Windows Firewall settings for any Omnicast system.

SETTING EXCEPTIONS FOR WINDOWS XP AND WINDOWS 2003

In Windows XP and Windows 2003, it is recommended to set exceptions for the Windows Firewall.

1. On each machine running Omnicast (client and server), open the Control Panel and go to Security Center.

2. Click on Windows Firewall. Make sure the Windows Firewall is turned ON and Don't allow exceptions is unchecked.

3. Click on the Exceptions tab

4. Click the Add Program button

5. If you are on an Omnicast server, click Browse and navigate to:

  • Windows 32 bits: C:\Program Files\Genetec Omnicast Server 4.x
  • Windows 64 bits: C:\Program Files (x86)\Genetec Omnicast Server 4.x

6. Add all the Omnicast services one by one (depending on which services are installed):

  • OmniArc.exe (server machines only)
  • OmniDFC.exe (server machines only)
  • OmniDir.exe (server machines only)
  • OmniFed.exe (server machines only)
  • OmniGateway.exe (server machines only)
  • OmniME.exe (server machines only)
  • OmniVM.exe (server machines only)

7. If you are on an Omnicast client station or if the client software is installed on the server, click Browse and navigate to:

  • Windows 32 bits: C:\Program Files\Genetec Omnicast Client 4.x
  • Windows 64 bits: C:\Program Files (x86)\Genetec Omnicast Client 4.x

8. Add the Omnicast client applications one by one:

  • ConfigTool.exe
  • LiveViewer.exe
  • ArchivePlayer.exe

9. Once done, click OK to come back to the main page

DISABLING WINDOWS FIREWALL IN WINDOWS XP AND WINDOWS 2003

In Windows XP and Windows 2003, it is recommended to set exceptions for the Windows Firewall (see previous section). However, if you choose to disable the Firewall, you need to completely disable the Windows Firewall service. Turning off the Windows Firewall through the Control Panel is not enough; the service needs to be completely stopped and disabled.

Please note that Genetec does not recommend disabling the Windows Firewall permanently; it should only be done for troubleshooting purposes.

1. On each machine running Omnicast (client and server), go to the Start menu, click Run and type services.msc

2. In the Services window, scroll down and find the Windows Firewall/Internet Connection Sharing (ICS) service

3. Right-click the service and select Properties

4. Click the Stop button to stop the service. Then change the startup type to Disabled and click OK.

Once the Firewall service is stopped, restart all the Omnicast applications and services in order to apply the changes. Make sure to re-enable the firewall once your tests are complete.

SETTING EXCEPTIONS FOR WINDOWS VISTA, WINDOWS 7 AND WINDOWS 2008

In Windows Vista, Windows 7 and Windows 2008, it is recommended to set exceptions for the Windows Firewall.

1. On each machine running Omnicast (client and server), open the Control Panel and go to System and Security

2. Click on Check Firewall status. Make sure the Firewall is turned on for all the networks (domain, private, public)

3. Click on Allow a program or feature through Windows Firewall

4. If everything is grayed out on that page, click the Change settings button. If nothing is grayed out, go to the next step

5. Click the Allow another program button

6. If you are on an Omnicast server, click Browse and navigate to:

  • Windows 32 bits: C:\Program Files\Genetec Omnicast Server 4.x
  • Windows 64 bits: C:\Program Files (x86)\Genetec Omnicast Server 4.x

7. Select an Omnicast application and press Open

8. In the Add a Program window, confirm your selection by pressing Add

9. For each service that you are adding to the exceptions list, make sure to check the three networks (domain, private, public)

10. Repeat steps 5 to 9 for all the Omnicast services listed below (depending on which services are installed):

  • ServerAdmin.exe (server machines only)
  • OmniArc.exe (server machines only)
  • OmniDFC.exe (server machines only)
  • OmniDir.exe (server machines only)
  • OmniFed.exe (server machines only)
  • OmniGateway.exe (server machines only)
  • OmniME.exe (server machines only)
  • OmniVM.exe (server machines only)

11. If you are on an Omnicast client station or if the client software is installed on the server, click on Allow another program and then the Browse button. Navigate to:

  • Windows 32 bits: C:\Program Files\Genetec Omnicast Client 4.x
  • Windows 64 bits: C:\Program Files (x86)\Genetec Omnicast Client 4.x

12. Select an Omnicast application and press Open

13. In the Add a Program window, confirm your selection by pressing Add

14. For each application that you are adding to the exceptions list, make sure to check the three networks (domain, private, public)

15. Repeat steps 11 to 14 for all the Omnicast applications listed below:
  • ConfigTool.exe
  • LiveViewer.exe
  • ArchivePlayer.exe

16. Once done, click OK to come back to the main page

Note:

1. If you want to enable the ping on the machine, click on “Advanced settings”

2. Under the “Inbound rules”, enable the following rule: File and Printer Sharing (Echo Request - ICMPv4-In)
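
The Vista / 7 / 2008 exceptions above can also be scripted. This is an added example, not part of the original article or any Genetec tooling; it assumes PowerShell is available and run elevated, the rule names are a convention chosen here, and "4.x" is the article's placeholder for the installed version folder.

```powershell
# Added example: scripted equivalent of the "Allow another program" steps.
# Replace "4.x" (the article's placeholder) with the installed version folder.
$serverExe = 'ServerAdmin.exe','OmniArc.exe','OmniDFC.exe','OmniDir.exe',
             'OmniFed.exe','OmniGateway.exe','OmniME.exe','OmniVM.exe'
$clientExe = 'ConfigTool.exe','LiveViewer.exe','ArchivePlayer.exe'
$enablePing = $false   # set to $true to apply the optional ping note

# 64-bit Windows installs under "Program Files (x86)"; 32-bit under "Program Files".
$pf = ${env:ProgramFiles(x86)}
if (-not $pf) { $pf = $env:ProgramFiles }

$targets = @(
    @{ Dir = Join-Path $pf 'Genetec Omnicast Server 4.x'; Exe = $serverExe },
    @{ Dir = Join-Path $pf 'Genetec Omnicast Client 4.x'; Exe = $clientExe }
)

foreach ($t in $targets) {
    foreach ($exe in $t.Exe) {
        $path = Join-Path $t.Dir $exe
        # Only binaries that are actually installed get an exception.
        if (-not (Test-Path $path)) { continue }
        $name = "Omnicast-$exe"   # rule name chosen for this example
        # Delete any earlier rule of the same name so re-runs do not pile up duplicates.
        & netsh advfirewall firewall delete rule "name=$name" | Out-Null
        # Program-scoped inbound allow rule on all three network profiles.
        & netsh advfirewall firewall add rule "name=$name" dir=in action=allow `
            "program=$path" 'profile=domain,private,public' enable=yes
        if ($LASTEXITCODE -ne 0) { Write-Warning "Failed to add rule for $path" }
    }
}

if ($enablePing) {
    # Built-in rule named in the note above (English rule name).
    & netsh advfirewall firewall set rule `
        'name=File and Printer Sharing (Echo Request - ICMPv4-In)' new enable=yes
}
```

Review the result with `netsh advfirewall firewall show rule name=all` and remove rules for components that are later uninstalled.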

DISABLING WINDOWS FIREWALL FOR TEST PURPOSES IN WINDOWS VISTA, WINDOWS 7 AND WINDOWS 2008

In Windows Vista, Windows 7 and Windows 2008, it is recommended to set exceptions for the Windows Firewall (see previous section). However, if you choose to turn off the Firewall, it is recommended to use the procedure listed below.

Please note that Genetec does not recommend disabling the Windows Firewall permanently; it should only be done for troubleshooting purposes.

Warning:

1) Do NOT disable the Windows Firewall service. Doing so may have the side effect of closing all incoming ports, and unexpected network communication issues might arise. The Windows Firewall service must be started, with the startup type set to Automatic.

2) Do NOT turn off the Windows Firewall through the Windows Control Panel, as this action is applied to the currently active hardware profile only. Use the procedure below to turn off the Firewall through the netsh command.

Here is the procedure to turn off the Firewall through the netsh command:

1. On each machine running Omnicast (client and server), click the Start menu, type cmd, right-click cmd and select Run as administrator

2. Type the following command and press Enter:

netsh advfirewall set allprofiles state off

3. If the command works, you should get an OK as confirmation

4. Once the Firewall is turned off, restart all the Omnicast applications and services in order to apply the changes. Make sure to re-enable the firewall once your tests are complete.
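
To keep the troubleshooting window bounded, the netsh procedure can be wrapped so that the firewall is always turned back on and the result is verified. This is an added example, not part of the original article; it assumes an elevated PowerShell prompt and English-language netsh output. MpsSvc is the service name of the Windows Firewall service on these Windows versions.

```powershell
# Added example: temporary firewall-off window with guaranteed re-enable.
function Test-FirewallService {
    # Per the warning above, the service must be started and set to Automatic.
    $svc = Get-WmiObject Win32_Service -Filter "Name='MpsSvc'"
    return ($svc.State -eq 'Running' -and $svc.StartMode -eq 'Auto')
}

if (-not (Test-FirewallService)) {
    throw 'Windows Firewall service is not Running/Automatic; correct that first.'
}

try {
    & netsh advfirewall set allprofiles state off
    Read-Host 'Firewall is OFF. Restart Omnicast, run the test, then press Enter'
}
finally {
    # Runs even if the test step above fails or is interrupted.
    & netsh advfirewall set allprofiles state on
}

# Confirm that no profile was left OFF (assumes English netsh output).
$state = & netsh advfirewall show allprofiles state
$off = $state | Where-Object { $_ -match '^\s*State\s+OFF' }
if ($off) { Write-Warning 'At least one firewall profile is still OFF.' }
else      { Write-Output 'All firewall profiles are ON.' }
```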