So, you've installed Windows XP Service Pack 2 and you want to use the Internet Connection Firewall to secure your PC? You can still use ActiveSync with the firewall. The following instructions explain how to configure Windows XP Service Pack 2's firewall to work with Microsoft ActiveSync. They also explain how to tighten that configuration: with the firewall you can control which hosts ActiveSync is able to communicate with, for additional security.
I tested Windows XP Service Pack 2's firewall with Microsoft ActiveSync v3.7.1, Microsoft Outlook 2002, and an HP iPAQ 6315 running Windows Mobile 2003. This information should work with all versions of ActiveSync and for all Mobile Devices including the Smartphone and Handheld PC. Finally, I have listed the TCP/IP Ports and IP addresses that ActiveSync uses so that you can configure other software firewalls for your PC.
Initial Windows Firewall configuration
When you first launch ActiveSync you will see a Security Alert message on your PC screen as in Fig. 1.

Fig. 1: The first thing you'll see when you load ActiveSync after installing SP2.
Click on the Unblock button to use ActiveSync with Windows XP Service Pack 2's firewall. If you click on Keep Blocking you will not be able to use ActiveSync.
Checking and changing the firewall settings
You can confirm whether or not ActiveSync is allowed through the firewall by clicking on Start > Control Panel > Security Center > Windows Firewall and then selecting the Exceptions tab. You will see the Windows Firewall screen, shown in Fig. 2. (Note that if ActiveSync is not listed in this screen, launch ActiveSync and then close and reopen the Windows Firewall.)

Fig. 2: The Windows Firewall configuration screen after ActiveSync has been added.
Make sure that the check box next to ActiveSync Connection Manager is checked in order to use ActiveSync. If you wish to synchronize via a network connection, you must also check the box next to File and Printer Sharing.
Securing ActiveSync using the Firewall
You can limit the systems that ActiveSync is able to connect to by customizing the security settings for ActiveSync from the Exceptions tab of the Windows Firewall screen (Fig. 2). Select the ActiveSync Connection Manager from the Programs and Services list and click the Edit button. Then, from the Edit a Program dialog box, click on the Change Scope button.
Select the Custom list button and enter: 192.168.55.100/255.255.255.0. This will prevent ActiveSync from accessing the Internet and your network; however, it will still allow USB, IR and serial connections. If you want to sync via your LAN, enter the IP address of your network and the subnet. You can find these for your connection by clicking on the Support tab for the connection.
Specifying particular hosts that ActiveSync can communicate with allows for more security. However, this is an incomplete security solution. The Windows XP Service Pack 2 Firewall does not allow users to control what TCP/IP ports an application uses, so we cannot prevent ActiveSync from using your PC as a proxy for your Pocket PC. Further, the Windows Firewall only monitors incoming requests from the Internet; all outgoing requests are allowed. Other, more full-featured firewalls offer more complete security solutions.
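Before saving a custom scope it helps to check which remote hosts it really admits. The following Python sketch is an added example, not part of the original article or of any Microsoft tool: it assumes a custom list is a comma-separated series of entries, each a single address or an address/mask pair, and the remote addresses it tests are constructed samples.

```python
import ipaddress

def parse_scope(scope):
    """Turn a custom scope list into a list of networks.

    Assumption: entries are comma-separated, each either a single
    address or address/mask with a dotted mask such as 255.255.255.0.
    """
    networks = []
    for entry in scope.split(","):
        entry = entry.strip()
        if not entry:
            continue
        # strict=False accepts host bits in the address, so the entry
        # 192.168.55.100/255.255.255.0 names all of 192.168.55.0/24,
        # not only the single host .100.
        networks.append(ipaddress.ip_network(entry, strict=False))
    return networks

def scope_admits(scope, remote):
    """True if an incoming connection from `remote` falls inside the scope."""
    addr = ipaddress.ip_address(remote)
    return any(addr in net for net in parse_scope(scope))

def audit(scope, remotes):
    """Map each remote address to whether the scope would admit it."""
    return {remote: scope_admits(scope, remote) for remote in remotes}

# Scope string given in the article.
ARTICLE_SCOPE = "192.168.55.100/255.255.255.0"

# Constructed sample remotes: two in the 192.168.55.x range, one on a
# typical home LAN, one from a documentation-only public range.
SAMPLE_REMOTES = ["192.168.55.101", "192.168.55.7",
                  "192.168.1.20", "203.0.113.5"]

if __name__ == "__main__":
    for net in parse_scope(ARTICLE_SCOPE):
        print(f"{net} covers {net.num_addresses} addresses")
    for remote, allowed in audit(ARTICLE_SCOPE, SAMPLE_REMOTES).items():
        print(f"{remote:15} {'allowed' if allowed else 'blocked'}")
```

The check only models the scope test applied to incoming connections; as noted above, outgoing requests are not filtered by the Windows Firewall at all.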
Configuring other firewalls
The concepts behind this firewall configuration can be used to configure any software firewall on your PC. Some firewalls require you to specify the ports that are used by applications to ensure their security. ActiveSync uses the following special TCP/IP ports to communicate with your Pocket PC:
TCP/IP Port — Usage
990 — RAPI Requests
999 — Time Server