Windows Firewall on Dedicated/Virtual Private Servers

If you choose to use the Windows Firewall built into the Windows 2003/2008 operating system, the following steps describe how CrystalTech recommends you set it up.

1. Make sure that Remote Desktop is checked in the exceptions list. If it is not checked, you will lock yourself out of remote desktop connections as soon as you click OK. The exceptions list is found by clicking the Settings button on the Advanced tab of Local Area Connection Properties (note: this is also where you turn the firewall on/off).

2. CrystalTech monitors each dedicated server using an ICMP monitor. Because of this, ICMP echo requests need to be allowed. ICMP can be turned on by clicking the Settings button on the Advanced tab in the Windows Firewall settings (note: you only need to check Allow Incoming Echo Request).

3. Should you choose to use your server as a name server, you will need to create two exceptions for this traffic. From the Exceptions tab in the Windows Firewall settings, click Add Port and add the following:

Port Number: 53

Port Number: 53

4. If your dedicated server is going to be a web server hosting websites on port 80 for HTTP traffic and port 443 for HTTPS, you will need to allow these services. To do this, click the Settings button found on the Advanced tab in the Windows Firewall. On the Services tab, check Secure Web Server and Web Server.

5. Should you also choose to use your server as a mail server, you will need to check Internet Mail Server (SMTP) and Post-Office Protocol Version 3 (POP3).

6. If you choose to use FTP, you will also need to check FTP server.

7. Two additional ports are required on dedicated servers for CrystalTech services: TCP 743 and TCP 52155. Exceptions need to be created for these ports for your dedicated server to function correctly with CrystalTech's interface.

8. Any additional programs or services that require specialized ports to connect to the server (e.g., SQL Server on TCP 1433 and UDP 1434) will need exceptions created to allow connections.
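The same steps as a command-line script, given here as an added example and not as CrystalTech's own tooling. It uses the `netsh firewall` context, creates every exception before switching the firewall on so the Remote Desktop session is not cut off, and opens only the roles you enable. The `ROLE_*` switches and rule names are illustrative, the named services in steps 4 to 6 are written as their standard ports (80, 443, 25, 110, 21), and the two port 53 exceptions are assumed to be one TCP and one UDP.

```bat
@echo off
rem Added example: run from an administrator command prompt.
setlocal

rem Set to 1 only for roles this server actually runs (illustrative switches).
set ROLE_DNS=0
set ROLE_WEB=1
set ROLE_MAIL=0
set ROLE_FTP=0
set ROLE_SQL=0

rem Step 1: allow Remote Desktop first, while the firewall is still off.
netsh firewall set service type=remotedesktop mode=enable || goto :fail

rem Step 2: allow incoming ICMP echo request (type 8) for the uptime monitor.
netsh firewall set icmpsetting type=8 mode=enable || goto :fail

rem Step 7: ports the hosting interface needs on every dedicated server.
call :open TCP 743 "Hosting interface 743" || goto :fail
call :open TCP 52155 "Hosting interface 52155" || goto :fail

rem Steps 3-6 and 8: optional roles.
if "%ROLE_DNS%"=="1" call :open TCP 53 "DNS TCP" || goto :fail
if "%ROLE_DNS%"=="1" call :open UDP 53 "DNS UDP" || goto :fail
if "%ROLE_WEB%"=="1" call :open TCP 80 "Web Server HTTP" || goto :fail
if "%ROLE_WEB%"=="1" call :open TCP 443 "Secure Web Server HTTPS" || goto :fail
if "%ROLE_MAIL%"=="1" call :open TCP 25 "SMTP" || goto :fail
if "%ROLE_MAIL%"=="1" call :open TCP 110 "POP3" || goto :fail
if "%ROLE_FTP%"=="1" call :open TCP 21 "FTP Server" || goto :fail
if "%ROLE_SQL%"=="1" call :open TCP 1433 "SQL Server" || goto :fail
if "%ROLE_SQL%"=="1" call :open UDP 1434 "SQL Browser" || goto :fail

rem Enable the firewall last, then print the result for review.
netsh firewall set opmode mode=enable || goto :fail
netsh firewall show state
netsh firewall show portopening
exit /b 0

:open
rem %1 = protocol, %2 = port, %3 = quoted rule name
netsh firewall add portopening protocol=%1 port=%2 name=%3 mode=enable
exit /b %errorlevel%

:fail
echo An exception could not be created; firewall mode was not changed. 1>&2
exit /b 1
```

Review the `show portopening` output against the list of roles the server is meant to run; any port open for a service that is not installed is unnecessary exposure.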

