Firewall And Rras

[sali63t]

hi,

in windows 2008 R2 firewall should effect RRAS connections too, right?

When I add a rule say closing port 443, it is closed in the server but when users connect using pptp protocol (through RRAS) their 443 port is open.

should I do anything else so firewall effects RRAS ?

Regards

 

[ICTCity]

hi,

in windows 2008 R2 firewall should effect RRAS connections too, right?

When I add a rule say closing port 443, it is closed in the server but when users connect using pptp protocol (through RRAS) their 443 port is open.

should I do anything else so firewall effects RRAS ?

Regards

Excuse me... but why do you close the SSL port? PPTP runs at 1723.

 

[sali63t]

Excuse me... but why do you close the SSL port? PPTP runs at 1723.

that is just for testing. I might close other ports.

 

[ICTCity]

that is just for testing. I might close other ports.

So you have a windows server with windows firewall activated and blocking INCOMING traffic on port 443... right?

Clients try to connect with pptp on port 443 right?

Are you sure you blocked port 443 and NOT the SSL service?
How can you be sure that clients are using port 443?

You wrote something that is not correct:

"when users connect using pptp protocol (through RRAS) their 443 port is open"

But this is correct... YOUR firewall BLOCKS connection TO and/or FROM server ITSELF! If clients OPEN the connection locally on port 443 (that's strange...) and connect TO port #1723, you can understand why this works

Anyway, take a look here:

http://technet.microsoft.com/en-us/...WindowsFirewallandconfigurethedefaultbehavior

and here:

http://technet.microsoft.com/en-us/library/ff428136(WS.10).aspx

Finally here:

http://technet.microsoft.com/en-us/library/cc753781(WS.10).aspx

and here:

http://technet.microsoft.com/en-us/library/ff428145(WS.10).aspx



Because you are in a test environment, you could post logs

 

[sali63t]

thanks for the reply,

Actually clients connect with 1723 (pptp) port.
but after connecting they can access https sites which use 443 port.
https site are blocked in the server itself but they are not blocked for vpn users.

Also I couldn't access the links you provided.

Regards

 

[ICTCity]

Here you should find the right link: http://technet.microsoft.com/en-us/library/cc753781(WS.10).aspx

Anyway, I'm not sure that this will work. Think for a while, when you estabilish a VPN you create a tunnel and I think Windows Firewall doesn't know HOW to manage this. Check the link or google "Windows server 2008 firewall log" and post your results... maybe it's just a misconfiguration but it could be also a firewall limitation.

Cheers