How To: Add a Windows Firewall rule to allow an inbound TCP port access
Windows Firewall is designed to keep a system safe from outsiders by preventing anyone or any program from entering over the network, whether that is the Internet, a local network or any other type of network. When the Windows Firewall service is enabled, application ports such as the database service port and the license service port are also protected by default, and no workstation can establish a connection to those service ports. Rules therefore have to be added on the systems hosting the services so that client workstations can connect and work smoothly. Each rule must explicitly allow access only on the required ports and only from the required client network segments. At no point may the access be exposed to the public Internet or to any unwanted network segment.
Pre-requisites
Administrator access on the server system where the service (database, Ginesys license, etc.) is installed.
Information about the port to which access will be allowed. The following table lists the common ports related to a Ginesys deployment.
For security reasons, an enterprise may decide to expose a service on a non-default port. Hence, when creating the firewall rule, the actual port in use should be specified.
Service | Default Port | Notes |
---|---|---|
Oracle database service | 1521 | |
SQL Server database | 1433 | |
Ginesys Head-office License service | 9000 | |
Ginesys POS License service | 9000, 9001 | If the Ginesys POS server is installed on the server running the Ginesys Head-Office server application, then different ports must be specified for the two license services. In that case 9001 is used for the POS license service. |
Remote Desktop | 3389 | |
List of ports
Step-by-step guide
Follow these steps to add a rule in the Advanced settings section of Windows Firewall that allows inbound access to a TCP port. Ports are
STEPS | FIGURE |
---|---|
Open the Windows Firewall panel. Open the Run window (Windows Key + R), type firewall.cpl and press Enter. The main Windows Firewall control window opens. | |
Select the option Port and click Next. | |
The wizard asks for the ports to be specified. Example: on the Ginesys HO server we need to allow access to the Oracle database (port 1521) and the Ginesys License port (port 9000), so the value to enter in the Specific local ports box is 1521, 9000 | |
Specify the action to be taken. In our case this is allowing access. Select the option Allow the connection and click Next. | |
Specify the network profile on the next screen. In an office network the profile is generally either Domain or Private. Ideally, select only those profiles. Only in an unusual case does the Public profile have to be selected as well. Tick the profiles Domain and Private. Click Next. | |
The wizard prompts for a name for the rule. Specify a suitable name so that the rule can be identified easily in the list. Click Finish to close the New Inbound Rule Wizard. Example: for the rule on the Ginesys HO server allowing access to the database and the Ginesys license, a suitable name may be Ginesys Database, License - Allow | |
Once the wizard closes, the new rule can be seen in the inbound rule list. Double-click the rule to open the Rule Properties. | |
Selecting the network segment Local subnet ensures that the workstation systems connected to the local network are able to access the specified ports on the server. You must set these explicit restrictions as a security best practice. | |
Click Apply on the rule Properties window to save and close. Close all firewall windows. | |
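The same rule can be created from an elevated PowerShell prompt with the built-in NetSecurity cmdlets. This is an added example, not part of the original guide: it uses the rule name and ports from the Ginesys HO example above, and goes one step further by auditing every enabled inbound Allow rule on those ports for a remote address of Any or the Public profile. The helper `Test-PortCovered` and the report column names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example. Rule name and ports come from the page's Ginesys HO example;
# replace the ports with the ones actually in use on your server.
$RuleName = 'Ginesys Database, License - Allow'
$Ports    = @('1521', '9000')   # Oracle database, Ginesys HO license service

# Create the rule only if it is not there yet, so the script can be re-run.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Ports -Action Allow -Profile Domain,Private `
        -RemoteAddress LocalSubnet | Out-Null
}

# Hypothetical helper: true when a rule's port entry ('Any', '1521',
# '9000-9010') covers $Port. Keyword entries such as 'RPC' never match.
function Test-PortCovered([string]$Spec, [int]$Port) {
    if ($Spec -eq 'Any') { return $true }
    if ($Spec -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return $Spec -eq "$Port"
}

# Audit every enabled inbound Allow rule that opens one of the ports and
# report the ones that are wider than the guide recommends.
$report = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    if ($portFilter.Protocol -notin 'TCP', 'Any') { continue }
    $opened = $Ports | Where-Object {
        $p = $_
        @($portFilter.LocalPort | Where-Object { Test-PortCovered $_ $p }).Count -gt 0
    }
    if (-not $opened) { continue }

    $remote   = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    $profiles = [string]$rule.Profile
    $findings = @()
    if ($remote -contains 'Any')       { $findings += 'remote address is Any' }
    if ($profiles -match 'Any|Public') { $findings += 'applies to Public profile' }
    [pscustomobject]@{
        Rule    = $rule.DisplayName
        Ports   = $opened -join ','
        Remote  = $remote -join ','
        Profile = $profiles
        Finding = if ($findings) { $findings -join '; ' } else { 'OK' }
    }
}
$report | Format-Table -AutoSize -Wrap
```

Rows whose Finding is not OK are candidates for tightening on the Scope and Advanced tabs of the rule's properties; older rules that open the same ports to Any remain in effect alongside the new rule.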