Friday, July 15, 2011

Firewall on Servers


Windows Firewall: DNS server

Add UDP port 53 and TCP ports 53, 139, and 445 to the Windows Firewall exceptions list.

Windows Firewall: DHCP server

Add UDP ports 67 and 2535 to the Windows Firewall exceptions list on the DHCP server.

Important:
When you create a Windows Firewall exception for the DHCP protocol on a DHCP server, you must set the scope for the exception to Any computer including those on the Internet. If you leave it set to My network (subnet) only, all inbound DHCP Discover packets from client computers are dropped because the source IP address of the packet is 0.0.0.0, which is not recognized by the computer as being part of the local subnet. This causes the DHCP process to fail and clients do not receive IP addresses.
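The scope behaviour described in the DHCP note above, as an added example (not part of the original post and not Windows Firewall's own code): a simplified model of an exception's scope check run against constructed packets. The subnet 192.168.10.0/24, the sample addresses and all class and function names are assumptions, and the relay case goes one step beyond the note to show that the same rule drops any source outside the server's subnet.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class PortException:
    """One entry in the exceptions list (simplified, hypothetical model)."""
    protocol: str   # "UDP" or "TCP"
    port: int
    scope: str      # "ANY" = Any computer, "SUBNET" = My network (subnet) only

@dataclass(frozen=True)
class Packet:
    """Constructed inbound packet: only the fields the scope check looks at."""
    label: str
    protocol: str
    src: str
    dst_port: int

def is_allowed(pkt, exc, local_net):
    """Return True if the packet matches the exception, including its scope."""
    if (pkt.protocol, pkt.dst_port) != (exc.protocol, exc.port):
        return False
    if exc.scope == "ANY":
        return True
    # SUBNET scope: the source address must fall inside the server's own subnet.
    return ipaddress.ip_address(pkt.src) in local_net

# Assumed server subnet and constructed sample traffic.
LOCAL_NET = ipaddress.ip_network("192.168.10.0/24")
PACKETS = [
    Packet("DHCP Discover, client has no address yet", "UDP", "0.0.0.0", 67),
    Packet("DHCP renewal from a leased address", "UDP", "192.168.10.57", 67),
    Packet("Discover forwarded by a relay on another subnet", "UDP", "192.168.20.1", 67),
]

def evaluate(scope):
    """Map each sample packet label to True (allowed) or False (dropped)."""
    exc = PortException("UDP", 67, scope)
    return {p.label: is_allowed(p, exc, LOCAL_NET) for p in PACKETS}

if __name__ == "__main__":
    for scope in ("SUBNET", "ANY"):
        print(f"scope={scope}")
        for label, ok in evaluate(scope).items():
            print(f"  {'allow' if ok else 'DROP '}  {label}")
```

With the subnet scope only the renewal from an already leased address gets through, which is why new clients never obtain an address.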

Windows Firewall: File server

Enable the File and Printer Sharing exception in Windows Firewall.

Windows Firewall: Print server

Enable the File and Printer Sharing exception in Windows Firewall.

Windows Firewall: Remote access/VPN server

Turn off Windows Firewall. Stop the Windows Firewall/Internet Connection Sharing (ICS) service.

Windows Firewall: Remote installation server

Add TCP ports 139 and 445 to the Windows Firewall exceptions list.
Add UDP ports 67, 69, and 4011 to the Windows Firewall exceptions list.

Windows Firewall: FTP server

Add the port used for incoming FTP traffic to the Windows Firewall exceptions list. This is usually TCP port 21.

Windows Firewall: SMTP server

Add the port used for incoming SMTP traffic to the Windows Firewall exceptions list. This is usually TCP port 25.
For Secure Sockets Layer (SSL) requests, add TCP port 465 to the Windows Firewall exceptions list.

Windows Firewall: Telnet server

Add TCP port 23 to the Windows Firewall exceptions list.

Windows Firewall: Terminal server

Enable the Remote Desktop exception in Windows Firewall.
If Terminal Server and Terminal Server Licensing are running on separate computers, add TCP port 135 to the Windows Firewall exceptions list.

Windows Firewall: SNMP server

Add UDP port 161 to the Windows Firewall exceptions list.

Windows Firewall: Web server

Add the ports used for incoming HTTP and HTTPS traffic to the Windows Firewall exceptions list. These are usually TCP port 80 and TCP port 443, respectively.

