Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


identifying open ports

Posted on 2010-09-23
Medium Priority
Last Modified: 2012-05-10
I'm not a user of sonicwall devices, but have to learn. So, be gentle with me.
I have a moneris(credit card machine) terminal behind a sonicwall.  Suddenly it stopped working?  
Nobody knows how or even has access to the sonicwall.  So, moneris support says its a firewall issue?
Naturally nobody knows how anything suddenly changed after years. Regardsless, I have one simple task
I don't know how to do.  

Disable the firewall.  It sounds like I need to move a rule up the prioity that allows ALL traffic in and out.
What I'm looking for are details on how to accomplish that to either rule out, or validate that the sonicwall is blocking
ports 443 and or 8031.

If anyone can direct this novice I'd be thankfull.  Generally, I'm not familiar with the security type language and have
troubles understanding without a good "hello world" example.

Question by:iMonkey69
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
LVL 84

Expert Comment

by:Dave Baldwin
ID: 33751671
Is anything working?  If nothing behind the Sonic Wall is working, connect ahead of it to make sure you have a connection to work with.

Expert Comment

ID: 33752054
If you have physical access to the firewall can you try circumventing it temporarily to prove that the problem lies with the firewall? I.e. Remove the connection to the firewall and connect the terminal "directly" to the network.
LVL 33

Expert Comment

ID: 33754103
I'm in agreeance with x3man.  before making any changes to the sonicwall, best bet is to bypass the sonicwall, put the CC machine directly on the internet and test.  if it fails, then you know it's the CC machine.  if it passes, then you know it's the sonicwall.the ports you mentioned, 443/8031, do via these ports need to be allowed through the sonicwall to the CC machine?  Also, do you have an Exchange server internally?  if so, then port 443 will already be mapped to it through the sonicwall.  perhaps you have more than one public IP address?
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

LVL 15

Accepted Solution

ZabagaR earned 1500 total points
ID: 33765243
Aside from taking the sonicwall off and testing directly to the device in question you can also:

obtain the external wan IP of your network and run a telnet command to port 443 and 8031 from the outside. You can do http://whatismyip.com from internet explorer from any machine on your network. Then go to a command prompt and type telnet x.x.x.x 443 and see if you get blocked or your screen refreshes/responds (meaning open connection). Preferably run that telnet command from a PC outside of your network.

If the sonicwall is blocking do this:

On the sonicwall add 2 services (there's a "service" tab). Call one moneris and assign it tcp 443. Call another moneris2 and assign it tcp 8031. Now you can either run the public server wizard twice OR add 2 WAN to LAN rules. If you run the public server wizard you just tell the sonicwall to allow service 'moneris' to forward to the lan address of your moneris device. Then you'd repeat with the moneris2 service. OR to do this manually, you'd go to firewall settings and make 2 new rules. WAN to LAN, allow all incoming traffic on 443 and pass it to IP of the moneris device. Then repeat for port 8031 (moneris2).

I use sonicwall A LOT.  You didn't say which model you have which can make the solution vary a little.

Author Comment

ID: 33772686
Thanks for all this. There were a couple things I was thinking may work, but haven't tried yet.  From my understanding, depending on the ScreeOS being run you can move the priority of the Access rules. So, effectively I should be able to open an ANY/ANY access rule and elevate it to the top priority and that "should" be a valid sort of simulation to removing the firewall.  At least I theorize that?  Other than that I WILL replace it with a temp firewall to test.  I'll also do the Telnet thing, although I don't know if port 8031 has a responder to accept the connection.  Which was why I wanted to know if there was any way to easily identify "open" ports.  Seems like the easiest way is ALL open, test, back to original config, test.  Then at least I'm down to a firewall issue.

Having said all that, I'm looking at two separate Sonicwall's and one has an easy way to adjust priority, the other, I still don't know how to?  

YES, it's time to sit down with one of these;-)  

I'm going to roll with ZabagaR's educational remarks.  I can do all that as you've tipped me off with this Wizard thingy.  I don't have access, but will get the model later I hope.

Thanks for all the input.  Really;-)

LVL 33

Expert Comment

ID: 33773030
I never recommend disabling the firewall capabilities of any firewall and you do so at your own risk.  It's one thing to take a firewall down and expose a singe host, but quite another to modify the existing firewall and expose your entire network.

Further, we're not talking about JUST the firewall access rules.  Firewall's also perform network address translation (NAT), which can be the largest headache.  It's easy to simply open the firewall for specific traffic, it's another to try and map the public to the private.  The Public Server Wizard eluded to by ZabagaR would create all the address object, firewall rules and nat policies.  However, as I pointed out, port 443 is a common port for SSL and may already be used so you'll need to watch out for that.

Can you provide feedback to my questions here, http:#a33754103?
LVL 15

Expert Comment

ID: 33780221
Yes, port 443 is already a remote management port for the sonicwall. If you are already allowed to https to the sonicwall from the outside/wan then you'd probably want to change that management port to something else. There's a section from the administration tab where you tell the sonicwall if you want to allow management by HHTP and HTTPS then you can also change the default ports right there too.

Author Closing Comment

ID: 33891385
I think the question was answered enough, but I think my wording didn't give enough to get the exact response I needed.  Regardless, I took their tips and used them to figure the rest of the pieces out.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question