Configure firewall to accept WCF requests?

0 Votes
Locked

jfuller05
So I get an email from our software vendor giving me details on our software upgrade that reads: "Have Hopkins set their firewall to accept WCF requests only from xxx.xxx.xx.xx:443. The communication will occur via https." I x'ed out their external IP address of course. :)

We run a SonicWall TZ210. The way I understand the message, port 443 needs to be opened so the tech can upgrade our software? I can't find a WCF service in the SonicWall setup. One of their tech support guys is supposed to give me a call, but that could take a day or more and I want to get this figured out before the upgrade which is scheduled for this coming Tuesday.

Any help is appreciated.
  • +
    1 Votes
    robo_dev

    Port 443 is port 443, so it really should not matter exactly what the app does over that port.

    I would assume they mean to have your firewall listen for port 443.

    I would also expect you need a NAT rule to direct port 443 traffic on your external firewall interface to the internal IP address of whatever server is getting upgraded.

    And last but not least it would be preferable to define an ACL for their specific IP address. If it were just a standard HTTPS web server, that would not be needed; not sure what the exact risk is with WCF, so to be safe, create a rule for that.

    +
    0 Votes
    jfuller05

    Well, I can't select your answer as *the* answer. Supposedly I'm not the same user as the one who asked the question, so I gave you a +1 instead.

    +
    0 Votes
    jfuller05

    I created a WAN to WAN access rule for this. source: their external IP to our external IP as the destination with https as the service. So, I guess I would need to create a NAT rule running that traffic to our internal server. I'm also "commenting" all of this in my actions as I go along so I will know to disable this rule when the upgrade is over.

    I appreciate the reply; it has helped a lot.
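
An added example, not part of the thread or of any vendor tooling: a small Python model of the setup discussed above (an HTTPS access rule restricted to one source, plus a NAT forward to the internal server). It shows which sources would get through and flags a rule that is wider than the vendor address or carries no comment marking it for removal. The rule format, names and addresses are constructed assumptions (documentation address ranges), not SonicWall syntax.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the thread.
VENDOR_IP = "203.0.113.10"
SERVER_IP = "192.168.1.20"

# Hypothetical rule model: ordered access rules, first match wins, default deny.
ACCESS_RULES = [
    {"src": "203.0.113.10/32", "port": 443, "action": "allow",
     "comment": "TEMP vendor upgrade, disable afterwards"},
]
NAT_RULES = [{"port": 443, "forward_to": SERVER_IP}]


def decide(rules, src_ip, port):
    """Return the action of the first access rule matching src_ip and port."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule["port"] == port and addr in ipaddress.ip_network(rule["src"]):
            return rule["action"]
    return "deny"


def audit(access_rules, nat_rules, vendor_ip):
    """List problems with the allow rules that feed each NAT forward."""
    findings = []
    vendor = ipaddress.ip_address(vendor_ip)
    for nat in nat_rules:
        allows = [r for r in access_rules
                  if r["port"] == nat["port"] and r["action"] == "allow"]
        if not allows:
            findings.append(f"port {nat['port']}: NAT forward has no allow rule")
        for r in allows:
            net = ipaddress.ip_network(r["src"])
            # The source must be exactly the one vendor address, nothing wider.
            if net.num_addresses != 1 or vendor not in net:
                findings.append(
                    f"port {r['port']}: source {r['src']} is wider than the vendor IP")
            # A temporary rule needs a note so it gets disabled after the upgrade.
            if not r.get("comment"):
                findings.append(
                    f"port {r['port']}: no comment marking the rule for removal")
    return findings


if __name__ == "__main__":
    print(decide(ACCESS_RULES, VENDOR_IP, 443))
    print(audit(ACCESS_RULES, NAT_RULES, VENDOR_IP))
```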
