We help IT Professionals succeed at work.

NOrtel Contivity 1010 -open port

tmandu
tmandu asked
on
Medium Priority
947 Views
Last Modified: 2011-10-03
I need to open a port. I am in the menu but there is no  port open etc ... can anyone walk me through this. Its port 443 by the way.


Thanks
Comment
Watch Question

If you are not running a firewall you have to create and apply a new "contivity interface filter"

Check your public interface to see what filter it is currently running. It's most likely "default-contivity filter" which only allows inbound IPSEC. You can create and edit filters I believe under: profiles -> filters. just copy the default filter and allow port 443 on top.

Author

Commented:
our firewall is the contivity .. so do i do the contivity interface a filter .

I have no clue where to start what is it under ?
System
servgices
Routing ??
by default the contivity boxes are secured by contivity interface filters which are much like cisco access-lists. If you bought additional firewall license you have a stateful firewall running on your box.

If you have the firewall look under services -> FIREWALL/NAT

Author

Commented:
Yes I have the contivity firewall..So now how can I open a port >

Thx
If you have the Stateful firewall installed there should be a button in FIREWALL>NAT page which will launch a gui tool. Here you can create hosts/networks and insert rules as needed: Make the rule something like.....

Action: PERMIT
source: ANY
destination: "your HTTPS server host"
destination port: 443 or HTTPS

and you can leave other parameters at "ANY." You may have to create custom objects on your own during this process like your server.....  Make sure to put this rule in at the top of your list.
____________________________

If your box is running the "interface filter" instead of the stateful firewall you need to edit your default interface filter.....

you do this in PROFILES>FILTERS

select "Deny All" filter from the Contivity Interface Filters sections. You can edit this default rule and insert a similar rule to the above. You'll have to go through various pages to create new host etc..... remember when you create a host here with a specified IP address use wildcard bits instead of subnet mask. (eg.... host 1.1.1.1/0.0.0.0). Again after you create the rule make sure the rule appears on the very top of the "deny all" filter.

Author

Commented:
Under the GUI is it INterface specific   of IMplied ??
i don't specifically recall the details of the GUI interface but your should create a specific rule. Implied rules should have some default rules that allows normal ipsec functionality of the box(probably not a good idea to touch these rules).

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Hey, I have to OPEN  port 443 for ADP transmission. I am in the NAT FIREwall.
 

 
I added the second rule. under the TCP/ADP icon i putin port 443 , then ACCEPT.
Do i have to have anything under DESTIINATION ( in yellow) like ADPS IP address, or am I looking at this the wrong way ?
 
Also do I have to do anything in the SOURCE INTERFACE RULES. ALso shoudl this new rule be first ???
 
Thanks - I think I'm almost there.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.