sali63t Posted February 7, 2011 Posted February 7, 2011 hi, in windows 2008 R2 firewall should effect RRAS connections too, right? When I add a rule say closing port 443, it is closed in the server but when users connect using pptp protocol (through RRAS) their 443 port is open. should I do anything else so firewall effects RRAS ? Regards Quote
ICTCity Posted February 9, 2011 Posted February 9, 2011 hi, in windows 2008 R2 firewall should effect RRAS connections too, right? When I add a rule say closing port 443, it is closed in the server but when users connect using pptp protocol (through RRAS) their 443 port is open. should I do anything else so firewall effects RRAS ? Regards Excuse me... but why do you close the SSL port? PPTP runs at 1723. Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
sali63t Posted February 10, 2011 Author Posted February 10, 2011 Excuse me... but why do you close the SSL port? PPTP runs at 1723. that is just for testing. I might close other ports. Quote
ICTCity Posted February 10, 2011 Posted February 10, 2011 that is just for testing. I might close other ports. So you have a windows server with windows firewall activated and blocking INCOMING traffic on port 443... right? Clients try to connect with pptp on port 443 right? Are you sure you blocked port 443 and NOT the SSL service? How can you be sure that clients are using port 443? You wrote something that is not correct: "when users connect using pptp protocol (through RRAS) their 443 port is open" But this is correct... YOUR firewall BLOCKS connection TO and/or FROM server ITSELF! If clients OPEN the connection locally on port 443 (that's strange...) and connect TO port #1723, you can understand why this works :) Anyway, take a look here: http://technet.microsoft.com/en-us/library/cc947815(WS.10).aspx#bkmk_ToenableWindowsFirewallandconfigurethedefaultbehavior and here: http://technet.microsoft.com/en-us/library/ff428136(WS.10).aspx Finally here: http://technet.microsoft.com/en-us/library/cc753781(WS.10).aspx and here: http://technet.microsoft.com/en-us/library/ff428145(WS.10).aspx Because you are in a test environment, you could post logs ) Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
sali63t Posted February 14, 2011 Author Posted February 14, 2011 thanks for the reply, Actually clients connect with 1723 (pptp) port. but after connecting they can access https sites which use 443 port. https site are blocked in the server itself but they are not blocked for vpn users. Also I couldn't access the links you provided. Regards Quote
ICTCity Posted February 14, 2011 Posted February 14, 2011 Here you should find the right link: http://technet.microsoft.com/en-us/library/cc753781%28WS.10%29.aspx Anyway, I'm not sure that this will work. Think for a while, when you estabilish a VPN you create a tunnel and I think Windows Firewall doesn't know HOW to manage this. Check the link or google "Windows server 2008 firewall log" and post your results... maybe it's just a misconfiguration but it could be also a firewall limitation. Cheers Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
Recommended Posts