How do I open the firewall for incoming traffic?
I run a server behind my firewall that the support team needs access to from the outside, so I need to 'open up' the firewall for this.
Embarrassingly enough I have never had to do this from scratch and am at a loss.
The firewall is a 'NETGEAR ProSafe VPN Firewall FVS336GV2'.
I am assuming that this is under the routing section?
I have the - supposed - setting in the image, but somehow that doesn't feel right.
Please help me:
1 - understand what section this should be in (generally on firewalls)
2 - what the technical term for what i am trying to do is
3 - how do I do it?
netgear-route.jpg
Embarrassingly enough I have never had to do this from scratch and am at a loss.
The firewall is a 'NETGEAR ProSafe VPN Firewall FVS336GV2'.
I am assuming that this is under the routing section?
I have the - supposed - setting in the image, but somehow that doesn't feel right.
Please help me:
1 - understand what section this should be in (generally on firewalls)
2 - what the technical term for what i am trying to do is
3 - how do I do it?
netgear-route.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hello,
Since this server is on the inside, you don't want to open up the outside world your internal network. And looking a the picture, you don't want to do it in the "Routing" section. What I recommend is set the server on the DMZ. This will segregate the server away from the Internal network and allow your support team on the outside access the server.
Another option is to setup a VPN setup where the support team can VPN in and connect to that box. It maybe on the NetGear ProSafe, or you can use the Cisco ASA, or OpenVPN. Also Astaro has a free virtual box that may work for you that includes most of everything.
Hope that helps.
Since this server is on the inside, you don't want to open up the outside world your internal network. And looking a the picture, you don't want to do it in the "Routing" section. What I recommend is set the server on the DMZ. This will segregate the server away from the Internal network and allow your support team on the outside access the server.
Another option is to setup a VPN setup where the support team can VPN in and connect to that box. It maybe on the NetGear ProSafe, or you can use the Cisco ASA, or OpenVPN. Also Astaro has a free virtual box that may work for you that includes most of everything.
Hope that helps.
ASKER
Ok thanks Neilsr for showing where it is.
Little did i know that the 'logical' place was VPN -> SSL VPN -> Port forwarding, what a dumb place to put that :-/
@Yackko
I do not want to move the server and put it on a DMZ, that would actually increase the security risk since no policies would be covering it at all.
ok, so now when I have the right place:
"Add New Application for Port Forwarding:"
This would thus be the IP of the server that runs this software
I add the IP and the port number (3817)
Then what?
"Add New Host Name for Port Forwarding:"
I can put an IP and a FQDN, would that be the actual name of the server? ( server-name.localdomainnam
and by adding that, what does that do?
Little did i know that the 'logical' place was VPN -> SSL VPN -> Port forwarding, what a dumb place to put that :-/
@Yackko
I do not want to move the server and put it on a DMZ, that would actually increase the security risk since no policies would be covering it at all.
ok, so now when I have the right place:
"Add New Application for Port Forwarding:"
This would thus be the IP of the server that runs this software
I add the IP and the port number (3817)
Then what?
"Add New Host Name for Port Forwarding:"
I can put an IP and a FQDN, would that be the actual name of the server? ( server-name.localdomainnam
and by adding that, what does that do?
dear if you want to give temporary access to suport install teamviewer on your computer and from your computer take remote session of computer in your question, this will help you you dont have to play with your firewall + you will know what support guys do
in case you dont want above suggestion why dont you allow vpn client for support user, as i can see from attached screen shot there is vpn option.
in case you dont want above suggestion why dont you allow vpn client for support user, as i can see from attached screen shot there is vpn option.
http://screenshots.portforward.com/Netgear/FVS336Gv2/Port_Forwarding.htm