tmandu
asked on
NOrtel Contivity 1010 -open port
I need to open a port. I am in the menu but there is no port open etc ... can anyone walk me through this. Its port 443 by the way.
Thanks
Thanks
ASKER
our firewall is the contivity .. so do i do the contivity interface a filter .
I have no clue where to start what is it under ?
System
servgices
Routing ??
I have no clue where to start what is it under ?
System
servgices
Routing ??
by default the contivity boxes are secured by contivity interface filters which are much like cisco access-lists. If you bought additional firewall license you have a stateful firewall running on your box.
If you have the firewall look under services -> FIREWALL/NAT
If you have the firewall look under services -> FIREWALL/NAT
ASKER
Yes I have the contivity firewall..So now how can I open a port >
Thx
Thx
If you have the Stateful firewall installed there should be a button in FIREWALL>NAT page which will launch a gui tool. Here you can create hosts/networks and insert rules as needed: Make the rule something like.....
Action: PERMIT
source: ANY
destination: "your HTTPS server host"
destination port: 443 or HTTPS
and you can leave other parameters at "ANY." You may have to create custom objects on your own during this process like your server..... Make sure to put this rule in at the top of your list.
__________________________ __
If your box is running the "interface filter" instead of the stateful firewall you need to edit your default interface filter.....
you do this in PROFILES>FILTERS
select "Deny All" filter from the Contivity Interface Filters sections. You can edit this default rule and insert a similar rule to the above. You'll have to go through various pages to create new host etc..... remember when you create a host here with a specified IP address use wildcard bits instead of subnet mask. (eg.... host 1.1.1.1/0.0.0.0). Again after you create the rule make sure the rule appears on the very top of the "deny all" filter.
Action: PERMIT
source: ANY
destination: "your HTTPS server host"
destination port: 443 or HTTPS
and you can leave other parameters at "ANY." You may have to create custom objects on your own during this process like your server..... Make sure to put this rule in at the top of your list.
__________________________
If your box is running the "interface filter" instead of the stateful firewall you need to edit your default interface filter.....
you do this in PROFILES>FILTERS
select "Deny All" filter from the Contivity Interface Filters sections. You can edit this default rule and insert a similar rule to the above. You'll have to go through various pages to create new host etc..... remember when you create a host here with a specified IP address use wildcard bits instead of subnet mask. (eg.... host 1.1.1.1/0.0.0.0). Again after you create the rule make sure the rule appears on the very top of the "deny all" filter.
ASKER
Under the GUI is it INterface specific of IMplied ??
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey, I have to OPEN port 443 for ADP transmission. I am in the NAT FIREwall.
I added the second rule. under the TCP/ADP icon i putin port 443 , then ACCEPT.
Do i have to have anything under DESTIINATION ( in yellow) like ADPS IP address, or am I looking at this the wrong way ?
Also do I have to do anything in the SOURCE INTERFACE RULES. ALso shoudl this new rule be first ???
Thanks - I think I'm almost there.
I added the second rule. under the TCP/ADP icon i putin port 443 , then ACCEPT.
Do i have to have anything under DESTIINATION ( in yellow) like ADPS IP address, or am I looking at this the wrong way ?
Also do I have to do anything in the SOURCE INTERFACE RULES. ALso shoudl this new rule be first ???
Thanks - I think I'm almost there.
Check your public interface to see what filter it is currently running. It's most likely "default-contivity filter" which only allows inbound IPSEC. You can create and edit filters I believe under: profiles -> filters. just copy the default filter and allow port 443 on top.