How To Open a Port to Allow a Service in Medium Firewall

The Firewall on the IT-100 is typically set to Medium Security for normal operations. Medium Security allows common services such as DHCP, DNS, Email and File Sharing access to your network from the Internet, but there may be another service, normally denied, that you want to let through. Services are defined by their port numbers and protocols, so when you allow a service from the outside to pass through your firewall, you are opening a port in your firewall.

Other tutorials in this HOW TO section feature specific lessons on how to allow the Remote Desktop and PCAnywhere services to traverse your firewall, but there are literally thousands of services you could potentially allow access to your internal network. This tutorial presents a general set of instructions for allowing the service of your choice access from the Internet to your IT-100. You must know the name of the service, the port number or numbers used by that service, and whether the protocol used by the service is TCP, UDP, or both. Here's how to get started:

 

Create a Firewall Service

 

  1. Go to CoreVista Web

  2. On the left-hand sidebar menu, expand the Firewall folder

  3. Expand the Advanced Firewall folder in the menu

  4. Click the Services file to open it

  • The Defined Services box appears

  5. Click ADD in the upper right-hand corner of the box

  • The Advanced Firewall Service Definition Creation box appears

  6. Type the name of the service you want to add in the Description field

  7. Type the beginning port number in the first Ports field and the ending port number in the second Ports field

  • Note: These could be the same number for both fields such as 53 and 53 or two numbers in sequence such as 67 and 68

  8. Click either TCP or UDP or both in the Protocol field

  • Note: To select both TCP and UDP, press and hold the Ctrl key and then click on TCP and UDP. Both protocols will be highlighted

  • Note: Some services use several port numbers. To add additional fields for more port numbers, click the plus sign (+) under Protocol and then repeat Steps 7 and 8 for as many pairs of numbers and protocols as are used by your chosen service

  9. When finished, click CREATE at the bottom of the box

 

Create a Firewall Rule

 

  1. With the Advanced Firewall folder still expanded, click the Rules file

  • The Advanced Firewall Ruleset box appears

  2. Click the ADD button in the upper right-hand corner of the Advanced Firewall Ruleset box

  • The Advanced Firewall Rule Creation box appears

  3. In the From drop down menu, select World

  4. In the Source Service drop down menu, select All

  5. In the To drop down menu, select World

  6. In the Destination Service drop down menu, select the service you created in the Create a Firewall Service section of this HOW TO

  7. In the Result drop down menu, select Accept

  8. Click CREATE at the bottom of the box

  • The new rule is added to the Advanced Firewall Ruleset box

 

Apply the New Firewall

 

  1. Click directly on the Advanced Firewall folder in the menu

  • The Advanced Firewall main page appears

  2. In the Apply New Firewall box, click the APPLY button

  • The page will refresh and you will receive a message stating that a test will be run and the new rule will be applied in approximately 15 seconds

  • The Confirm Firewall box appears

  3. Click the COMMIT button

  • The new firewall changes are now applied and the port is now open in the firewall, allowing the service you selected to access your IT-100 from the Internet

  • NOTE: You will see a message stating that the firewall has been fully applied. Please check that all services work as you expect them to. Please verify that the services you usually access, plus the new service, are accessible in the way you had planned
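
The verification asked for in the final note can be scripted. The following is an added example, not part of the original tutorial or of CoreVista: run from a machine on the Internet side, it checks that every TCP port in the new service's range answers and that neighbouring ports you did not define are still blocked. The address and port numbers are placeholder assumptions, and only TCP is covered because UDP has no handshake to test against.

```python
import socket

def tcp_port_state(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' (refused) or 'filtered' (no reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeouts and unreachable errors
        return "filtered"

def verify_service(host, first_port, last_port, expect_blocked=(), timeout=2.0):
    """Return (port, expectation, observed) for every port that differs from intent.

    first_port/last_port mirror the two Ports fields of the service definition;
    expect_blocked lists ports the new rule must not have exposed.
    """
    findings = []
    for port in range(first_port, last_port + 1):
        state = tcp_port_state(host, port, timeout)
        if state != "open":
            findings.append((port, "expected open", state))
    for port in expect_blocked:
        state = tcp_port_state(host, port, timeout)
        if state == "open":
            findings.append((port, "expected blocked", state))
    return findings

if __name__ == "__main__":
    # Placeholder values (assumptions): documentation address and a sample service port.
    WAN_ADDRESS = "203.0.113.10"
    for port, expectation, observed in verify_service(
        WAN_ADDRESS, 3389, 3389, expect_blocked=(3388, 3390)
    ):
        print(f"port {port}: {expectation}, observed {observed}")
```

An empty result means the observed state matches the rule you intended. On an expected-open port, "closed" generally means the connection was refused because nothing is listening behind the rule, while "filtered" generally means the packets are still being dropped.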