Windows Firewall Question - 443

I have a Windows Server 2012 R2. A website is hosted on that box, which is inside a DMZ. I need to open port 443.

Is that inbound?
Anything else I need to do?
Jorge Ocampo Asked:

max_the_king Commented:
Hi,
From a perimeter firewall point of view, it is an inbound connection when coming from outside, e.g. the internet.
Hope this helps.
max
0
max_the_king Commented:
You need to NAT your private IP (the one on the server) on a public IP to let external users access your webserver. You can as well NAT only port 443, should you need only that port.
max
0
Jorge Ocampo, Author, Commented:
Already have a public IP. Like mentioned, the box is already inside a DMZ and accessible from outside.
0
Curt Petricca, IT Technician, Commented:
Set a UDP and TCP inbound and outbound rule for the port(s) the webserver is providing services on. I am assuming you have already configured everything for HTTPS (port 443)? Do you have a redirect from HTTP (port 80) directing inbound requests to the secure version of the site or are you guiding them directly to the secure link?
0
Jorge Ocampo, Author, Commented:
Yup, just stuck on the Windows Firewall part.
0
Curt Petricca, IT Technician, Commented:
max_the_king,

Your solution is what I would also normally recommend in a standard scenario to provide the highest level of security. However, the OP has already stated this box is in a DMZ.
0
max_the_king Commented:
To test if everything is OK, from outside, do a telnet on port 443 of the public IP and see if it responds.
max
0
Jorge Ocampo, Author, Commented:
Don't I just need to do this: netsh advfirewall firewall set rule name="World Wide Web Services (HTTP Traffic-In)" new enable=yes?
0
max_the_king Commented:
Windows Firewall: allow inbound connection on port 443
max
0
Curt Petricca, IT Technician, Commented:
The following link will guide you through the proper commands.

https://technet.microsoft.com/en-us/library/hh831755.aspx
0
Jorge Ocampo, Author, Commented:
In W2008 R2 there is a World Wide Web Services HTTP Traffic-In rule you can enable; don't see it in 2012 R2.
0
Curt Petricca, IT Technician, Commented:
Try the following. I can't test them right now but they should work.

netsh advfirewall firewall add rule name="Webserver port 443 TCP" dir=in protocol=tcp localport=443 action=allow
netsh advfirewall firewall add rule name="Webserver port 443 UDP" dir=in protocol=udp localport=443 action=allow
0
Jorge Ocampo, Author, Commented:
Cool, I'll try them now. Just curious, I thought it would only be TCP, not UDP.
0
Curt Petricca, IT Technician, Commented:
Depends on how you built your server. Most only use TCP for web hosting but I have seen UDP as well for multimedia sites. Use whichever applies. More security is better than less.
0
Jorge Ocampo, Author, Commented:
The requester is asking for port 80 also to be open. They mention they already enforce use of port 443. Would that be a problem?
0
Curt Petricca, IT Technician, Commented:
It sounds to me like your end user is utilizing the port 80 redirect that I spoke of earlier. This means that everyone is connecting initially to the unsecure site and being redirected to the secure site. If they want both ports open they probably need it. I would verify with them why they need port 80 (unsecure) when they "enforce" port 443 (secure).
0
Jorge Ocampo, Author, Commented:
Funny enough, I just checked the server and Windows Firewall is off on the public profile. This means everything is off, correct?
0
Curt Petricca, IT Technician, Commented:
OMG. "FACEPALM".
0
Curt Petricca, IT Technician, Commented:
I would verify that you can connect right now to the webserver on that port and then immediately enable all zones and set the port opening rules.
0
Jorge Ocampo, Author, Commented:
Yup, only the domain is on. Not my server; first time checking their server.
0
Jorge Ocampo, Author, Commented:
Would it be possible the firewall part is being handled by something else?
0
Curt Petricca, IT Technician, Commented:
In reality only the zone that your NIC is zoned for is the one that you need to worry about. That means if your internet connection is on the public zone you need to work on the public zone firewall.
0
Curt Petricca, IT Technician, Commented:
Unless you have some third party firewall then no.
0
Curt Petricca, IT Technician, Commented:
To tell what zone your NIC is in, open Network and Sharing Center and look at your active networks. If the server is domain joined then you will see the domain name and below it you will see domain network. The same style will be true for a non-domain joined connection.
0
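
The checks discussed in this thread (which profile the NIC is in, whether the firewall is enabled for that profile, and an inbound allow rule for 443), as an added example that is not part of any participant's post. It uses the NetSecurity PowerShell cmdlets instead of netsh and covers TCP 443 only; the rule name is reused from the thread and the address in the last comment is a placeholder.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session
# on Windows Server 2012 R2 or later (NetSecurity / NetTCPIP modules).
$port     = 443
$ruleName = 'Webserver port 443 TCP'   # rule name reused from the thread

# 1. Which firewall profile is each connected NIC assigned to?
$connections = Get-NetConnectionProfile
$connections | Format-Table InterfaceAlias, Name, NetworkCategory -AutoSize

# NetworkCategory reports 'DomainAuthenticated'; the firewall profile is 'Domain'.
$profiles = @($connections | ForEach-Object {
    if ($_.NetworkCategory -eq 'DomainAuthenticated') { 'Domain' }
    else { [string]$_.NetworkCategory }
} | Sort-Object -Unique)
if (-not $profiles) { throw 'No connected network profile found.' }

# 2. Is the firewall actually enabled on those profiles?
Get-NetFirewallProfile | Format-Table Name, Enabled, DefaultInboundAction -AutoSize
foreach ($p in Get-NetFirewallProfile -Name $profiles) {
    if ($p.Enabled -ne 'True') {
        Write-Warning "Firewall is OFF on the $($p.Name) profile: the host firewall is not filtering inbound traffic there."
    }
}

# 3. Allow inbound TCP 443 on the active profile(s) only, and only once.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $port -Action Allow -Profile ($profiles -join ',') | Out-Null
}

# 4. Confirm the web server is listening and the rule is in place.
Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
    Format-Table LocalAddress, LocalPort, State -AutoSize
Get-NetFirewallRule -DisplayName $ruleName |
    Format-Table DisplayName, Enabled, Direction, Action, Profile -AutoSize

# 5. From a host outside the DMZ (203.0.113.10 is a placeholder for the public IP):
#    Test-NetConnection -ComputerName 203.0.113.10 -Port 443
```

If step 4 shows a listener and an enabled rule but the outside test in step 5 still fails, the block is upstream of the host (perimeter firewall or NAT).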
David Johnson, CD, MVP, Owner, Commented:
You need both port 80 and port 443 to be open even if you redirect from http to https, or you won't get the http request to be redirected.
0

Jorge Ocampo, Author, Commented:
Issue was on the network side.
0