Firewall Sygate Configuration

  • Firewall Sygate Configuration

    I had just installed Sygate as my firewall, but there are so many applications prompting me for access that I am not sure if I should disable them. How should I configure my firewall? This is on a Win2k server acting as a proxy and DHCP for my internal LAN. Thanks

  • #2
    It will depend on your needs.
    There is no perfect configuration.
    What kind of ports do you need to open?
    MCSE w2k
    MCSA w2k - MCSA w2k MESSAGING
    MCDBA SQL2k



    • #3
      What proxy software are you using? ISA?
      Server 2000 MCP
      Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

      ** Remember to give credit where credit is due and leave reputation points where appropriate **



      • #4
        Actually, what port do I have to use I really don't know; I am using ezproxy on my server. I am also running Terminal Services on this server and I am preparing to use it as a VPN server too.



        • #5
          Whoa, your firewall is going to look like a piece of Swiss cheese when you have finished! Anyway, the best thing to do is what has already been said: check which ports you need. A quick Google for "terminal service port" etc. will soon have your answer, or use TCPMon (http://www.sysinternals.com/Utilities/TcpView.html), which will show you what ports are being used. Then start adding rules in the advanced rules section of Sygate; then, if your server is only doing the jobs you have said and you have allowed access, it is pretty safe to block anything else. If something stops working then you need to check ports etc. again.

          Introducing a firewall to a mature network is very trial and error.


          • #6
            Don't know about Sygate, whether it blocks inbound only or also outbound, but:

            For the external NIC:

            Allow DNS 53 (outbound)
            Allow SMTP 25 outbound (maybe also inbound)
            Allow POP3 (if needed) 110 inbound
            Allow HTTP 80 (internet; when hosting your own website, set it for inbound as well)
            Allow FTP 20 and 21 (outbound/inbound)
            Allow RDP 3389 (for Terminal Services, inbound)

            That's it, I guess, off the top of my head...
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"



            • #7
              Originally posted by Dumber
              Don't know about Sygate, whether it blocks inbound only
              Yes, it blocks incoming and outgoing on any network devices (physical or virtual). I think for VPN access you will need 1723 (PPTP), 500 and 50-51 (IPSec) incoming.

              Just off the top of my head, I would research it to be certain. Good luck.


              • #8
                and protocol GRE for VPN
                Marcel
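The workflow from posts #5 to #8 (list what is listening, keep rules only for the services you need, block the rest), as an added example that is not from any poster in the thread: it parses `netstat -an` output and separates externally reachable listeners that match a named service from those with no rule. The sample output, the IP addresses and the proxy port 8080 are constructed assumptions.

```python
import re

# Inbound services the thread names for this server (posts #6 to #8).
ALLOWED = {
    ("TCP", 3389): "Terminal Services (RDP)",
    ("TCP", 1723): "PPTP VPN",
    ("UDP", 500): "IPSec key exchange",
}

# Constructed `netstat -an` output; all addresses and port 8080 are made up.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.0.1:8080       0.0.0.0:0              LISTENING
  TCP    203.0.113.10:3389      198.51.100.7:1045      ESTABLISHED
  UDP    0.0.0.0:500            *:*
  UDP    192.168.0.1:67         *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")

def listeners(netstat_text):
    """Yield (proto, bind_addr, port) for each listening TCP or bound UDP socket."""
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established sessions are not listeners
        yield proto, addr, int(port)

def audit(netstat_text, external_ip, allowed=ALLOWED):
    """Return (covered, uncovered) listeners reachable through the external NIC."""
    covered, uncovered = [], []
    for proto, addr, port in listeners(netstat_text):
        if addr not in ("0.0.0.0", external_ip):
            continue  # bound to the internal NIC only, e.g. proxy or DHCP
        (covered if (proto, port) in allowed else uncovered).append((proto, port))
    return sorted(set(covered)), sorted(set(uncovered))

if __name__ == "__main__":
    for label, hits in zip(("rule exists", "no rule"), audit(SAMPLE, "203.0.113.10")):
        print(label, hits)
```

GRE from post #8 is an IP protocol without port numbers, so it never appears in `netstat` output and has to be allowed by its own rule.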


                • #9
                  Currently for VPN access, I configured it to allow certain MAC addresses because I know the MAC address of the PC coming in. But there are those prompts of services, lsa, lass, etc. trying to communicate to the external IP and from hosts I never heard of. What should I do with those?

                  And yeah, I will do a search on the use of those port numbers.
