Most of you will know by now that the Windows firewall will never block outgoing packets with the exception of some ICMP messages.
Well I'm running a 2003SP1 machine as a mediaserver and a webserver and my Windows Firewall is actually blocking outgoing packets as shown in the Firewall log below:
2005-08-12 15:16:38 DROP TCP 212.*.*.* 184.108.40.206 80 60291 48 SA 3660628605 82937143 16384 - - - SEND
2005-08-12 15:16:39 DROP TCP 212.*.*.* 220.127.116.11 80 60293 48 SA 3967307129 82937143 16384 - - - SEND
2005-08-12 18:40:13 DROP TCP 212.*.*.* 18.104.22.168 554 1091 48 SA 414296467 638940188 16384 - - - SEND
2005-08-12 18:40:18 DROP TCP 212.*.*.* 22.214.171.124 1755 1092 48 SA 278480901 227699711 16384 - - - SEND
Looking at the log, you'll see that ports 80 (http) and ports 554 & 1755 (streaming media) are blocked meaning that my server is quite useless when running the firewall.
Needless to say that the applications and ports are included in the firewall's exceptions list.
When switching on the firewall all goes well for a couple of hours and only some incoming packets will be dropped. About 4-15 hours later something strange will happen and outgoing packets will be dropped as well!
When I switch the firewall off and on again at that stage all things will be back to normal but only for a couple of hours.
Any idea how to troubleshoot this problem?