Ports needed to be opened

Posted on 2007-11-20
Last Modified: 2008-04-28
I am planning on deploying a SonicWall TZ150 to create an IPSec VPN and would like to know what ports need to be opened on a firewall to allow the VPN to connect. I am installing this solution on a Government facility and need to reqest the correct ports to be opened. I tried to install the device on the network last week and it would not connect. It would allow communication through port 80 but it looked like the problem was UPD port 500 but I want to make sure what ports I need to request to be opened.
Question by:tparus
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 15

Expert Comment

ID: 20325514
you are using the tz150 as an endpoint?  If so, just check the box "enable VPN" and configure the vpn.

Or is there an endpoint behind the tz150?
LVL 19

Accepted Solution

SteveH_UK earned 500 total points
ID: 20326125
I don't know about the particular device you are using, but for IPsec VPNs to work you need the following:

IPsec generally needs UDP 500 for IKE (Internet Key Exchange).  You will also need AH (Authentication Header) and ESP (Encapsulated Security Payload) IP protocols to be allowed (51 and 50).  You may also need IPsec NAT-T which is UDP 4500.

Finally, it is often necessary to allow fragmented IP packets, as encrypted packets are often big.

LVL 19

Expert Comment

ID: 20821091
Thanks for the points :)

Featured Post

Enroll in July's Course of the Month

July's Course of the Month is now available! Enroll to learn HTML5 and prepare for certification. It's free for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses
Course of the Month6 days, 21 hours left to enroll

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question