Permitting clients to browse for files and printers in the network

You can enable the client to either share its files or to browse for shared files and printers on the local network. To prevent network-based attacks, you may not want to enable network file and printer sharing.
You enable network file and print sharing by adding firewall rules. The firewall rules allow access to the ports to browse and share files and printers. You create one firewall rule so that the client can share its files. You create a second firewall rule so that the client can browse for other files and printers.
The settings work differently based on the type of control that you specify for your client, as follows:
Client control or mixed control
Users on the Windows client can enable these settings automatically by configuring them in Network and Host Exploit Mitigation.
Users on the Mac client can only enable or disable the firewall.
Mixed control
A server firewall rule that specifies this type of traffic can override these settings on Windows.
All firewall rules are server firewall rules on a Mac.
Server control
These settings are not available on the client.
To permit Windows clients to browse for files and printers in the network (Option 1)
  1. On the console, open a Firewall policy.
  2. On the
    Firewall Policy
    page, under
    Windows Settings
    , click
    Rules
    .
  3. On the
    Rules
    tab, in the
    Rules
    list, select the rule you want to edit, right-click the
    Service
    field, and then click
    Edit
    .
  4. In the
    Service List
    dialog box, click
    Add
    .
  5. In the
    Protocol
    dialog box, in the
    Protocol
    drop-down list, click
    TCP
    , and then click
    Local/Remote
    .
  6. Do one of the following tasks:
    To permit clients to browse for files and printers in the network
    In the
    Remote port
    drop-down list, type
    88, 135, 139, 445
    .
    To enable other computers to browse files on the client
    In the
    Local Port
    drop-down list, type
    88, 135, 139, 445
    .
  7. Click
    OK
    .
  8. In the
    Service List
    dialog box, click
    Add
    .
  9. In the
    Protocol
    dialog box, in the
    Protocol
    drop-down list, click
    UDP
    .
  10. Do one of the following tasks:
    To permit clients to browse for files and printers in the network
    In the
    Local Port
    drop-down list, type
    137, 138
    .
    In the
    Remote Port
    drop-down list, type
    88
    .
    To enable other computers to browse files on the client
    In the
    Local Port
    drop-down list, type
    88, 137, 138
    .
  11. Click
    OK
    .
  12. In the
    Service List
    dialog box, make sure that the two services are enabled, and then click
    OK
    .
  13. On the
    Rules
    tab, make sure the
    Action
    field is set to
    Allow
    .
  14. If you are done with the configuration of the policy, click
    OK
    .
  1. To permit Mac clients to browse for files and printers in the network (Option 2)
  2. In the console, open a Firewall policy.
    The Mac firewall is available as of version 14.2.
  3. On the
    Firewall Policy
    page, under
    Mac Settings
    , click
    Rules
    .
  4. On the
    Rules
    tab, in the
    Rules
    list, select the rule you want to edit, right-click the
    Service
    field, and then click
    Edit
    .
  5. In the
    Service List
    dialog box, click
    Add
    .
  6. In the
    Protocol
    dialog box, in the
    Protocol
    drop-down list, click
    TCP
    , and then click
    Local/Remote
    .
  7. To enable other computers to browse files on the client, in the
    Local Port
    drop-down list, type
    139
    and
    445
    .
    Outgoing requests to browse the network from the Mac are enabled by default.
  8. Click
    OK
    .
  9. In the
    Service List
    dialog box, make sure that the new service is enabled, and then click
    OK
    .
  10. On the
    Rules
    tab, make sure the
    Action
    field is set to
    Allow
    .
  11. If you are done with the configuration of the policy, click
    OK
    .
Printer discovery on Macs is through the Bonjour service, which is open by default. You do not need to configure a custom rule for the Bonjour service.
More information