Firewall Troubleshooting
One of the most frustrating things when dealing with a new server environment is a firewall that is not working correctly. Below we go over a few ways to test your firewall configuration, along with a few fixes.
Firewall logging
By default, Windows Firewall logging is not enabled, and it is not recommended that you leave it enabled for long periods of time because the log file can grow very large. When you are trying to see whether the firewall is dropping a connection, however, it is a good place to start.
To enable logging, follow the steps below
- Select the Start menu
- Type cmd
- Right click command prompt and select 'Run as Administrator'
- Enter the following commands
- netsh firewall set logging connections=enable
- netsh firewall set logging droppedpackets=enable
This logs both connections the firewall allowed and connections it dropped. You can view the log in the Windows Firewall with Advanced Security tool, under Monitoring, as shown below.
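As an added example that is not part of the original article, the same logging settings applied through the current netsh advfirewall context, followed by a PowerShell function that pulls the DROP entries out of pfirewall.log so you can see which source addresses and ports the firewall is rejecting. It assumes the default log path and the W3C "#Fields:" header Windows writes to that file; the sample log lines embedded below are constructed test data, not output from a real server.

```powershell
# Added example, not from the original article. Enables the same logging with the
# current 'netsh advfirewall' context and parses pfirewall.log for dropped connections.
# Assumptions: Windows writes the W3C '#Fields:' header shown below, and the log
# lives at the default path. The sample lines further down are constructed test data.

# 1. Turn on logging of dropped and allowed connections for every profile
#    (requires an elevated prompt; equivalent to the deprecated 'netsh firewall set logging').
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging allowedconnections enable

$LogPath = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

function Get-FirewallDrops {
    param(
        [string]$Path = $LogPath,
        [int]$Port = 0          # 0 = every destination port
    )
    $lines = Get-Content -Path $Path
    # The '#Fields:' line names the columns; reuse it as the CSV header.
    $headerLine = $lines | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    if (-not $headerLine) { throw "No '#Fields:' header found in $Path" }
    $fields = ($headerLine -replace '^#Fields:\s*', '') -split ' '

    $lines |
        Where-Object { $_ -and $_ -notlike '#*' } |
        ConvertFrom-Csv -Delimiter ' ' -Header $fields |
        Where-Object { $_.action -eq 'DROP' -and ($Port -eq 0 -or [int]$_.'dst-port' -eq $Port) }
}

# 2. Constructed sample log so the function can be tried before the real log has any entries.
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-15 10:01:02 DROP TCP 198.51.100.7 10.0.0.5 51234 25 52 S 123456 0 8192 - - - RECEIVE
2024-01-15 10:01:05 ALLOW TCP 198.51.100.7 10.0.0.5 51235 443 0 - 0 0 0 - - - RECEIVE
2024-01-15 10:01:09 DROP TCP 203.0.113.9 10.0.0.5 40000 25 52 S 654321 0 8192 - - - RECEIVE
'@
$samplePath = Join-Path $env:TEMP 'pfirewall-sample.log'
Set-Content -Path $samplePath -Value $sample

# Which sources are being dropped on port 25? For the sample this lists the two DROP lines, one per source.
Get-FirewallDrops -Path $samplePath -Port 25 |
    Group-Object 'src-ip' |
    Select-Object Count, Name

# Against the live log, after retrying the failing connection:
# Get-FirewallDrops -Port 25 | Select-Object date, time, 'src-ip', 'dst-port', path
```

A DROP line whose dst-port matches the service you are testing, with path RECEIVE, confirms the firewall rather than the service is rejecting the connection. If no DROP line appears while the client still cannot connect, look at whether the service is listening at all before changing any rules.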
Profiles, and more
Your Windows environment has three profiles that an inbound or outbound firewall rule can apply to
- Domain - Applied when the VPS is connected to a domain controller (this is the default for all Windows VPSs)
- Public - Applied when the computer connects to a network with which its account is not associated.
- Private - Applied when a connection to the domain is made through a public network, such as an airport, hotel, or coffee shop.
Since your VPS is attached to our Domain Controller (AD3), make sure the rules you create or modify are on the Domain profile or on all profiles.
Modifying an existing rule's profile
Some rules are predefined by Group Policy. Once a rule has been added through Group Policy, you cannot change the profiles it is attached to through the Windows Firewall with Advanced Security GUI; such rules can, however, be modified with netsh.
To modify an existing rule's profile, follow the steps below
- Select the Start menu
- Type cmd
- Right click command prompt and select 'Run as Administrator'
- Enter the following commands
- netsh advfirewall firewall set rule name="<the exact name of the rule>" profile=<the current profile> dir=<in or out, depending on whether you are modifying an inbound or outbound rule> new profile=<the new profile>
- e.g. netsh advfirewall firewall set rule name="Post-Office Protocol Version 3 (POP3)" profile=public dir=in new profile=domain
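Before editing rule profiles it is worth checking two things first: which profile the VPS network adapter is actually in, and which enabled inbound rules leave the Domain profile out (those never match on a domain-joined VPS, whatever the rule itself allows). The PowerShell below is an added example, not from the original article. It assumes the NetSecurity cmdlets that ship with Windows Server 2012 and later; the POP3 rule name at the end reuses the article's own example and is only a placeholder for the DisplayName you find in the listing.

```powershell
# Added example, not from the original article. Assumes the NetSecurity module
# (Windows Server 2012 / Windows 8 and later).

# 1. Which profile is active? On a domain-joined VPS this should be DomainAuthenticated.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

function Get-RulesMissingDomainProfile {
    param([string]$Direction = 'Inbound')
    # ActiveStore includes rules delivered by Group Policy as well as local ones.
    Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True -Direction $Direction |
        Where-Object { "$($_.Profile)" -ne 'Any' -and "$($_.Profile)" -notmatch 'Domain' } |
        Select-Object DisplayName, Profile, Action, PolicyStoreSource
}

# 2. List the rules that will not apply on the Domain profile. PolicyStoreSource tells you
#    whether the rule came from local policy (editable here) or from Group Policy
#    (use the netsh command described above).
Get-RulesMissingDomainProfile

# 3. For a locally defined rule, the PowerShell equivalent of the netsh command above.
#    The name is a placeholder; use the exact DisplayName from the listing.
Set-NetFirewallRule -DisplayName 'Post-Office Protocol Version 3 (POP3)' -Profile Domain
```

If Get-NetConnectionProfile reports Public or Private rather than DomainAuthenticated, the VPS cannot reach the domain controller and no Domain-profile rule will apply; fix that connectivity before touching the rules.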
Testing your firewall with Telnet
Telnet is one of the fastest ways to test a firewall and check whether a port is open.
To use telnet on Windows, follow the steps below
- Select the Start menu
- Type cmd
- Hit enter
- Enter the following commands
- telnet youripaddress port
- eg telnet 1.2.3.4 25
To use telnet on a Mac, follow the steps below
- Open the Utilities section
- Select Applications
- Locate Terminal
- Press Command + N to open a new terminal window
- telnet youripaddress port
- eg telnet 1.2.3.4 25
Once you have opened the connection, if the port is open on the firewall the service will generally respond; if the connection fails, the tool will tell you. You can then use the troubleshooting methods above to determine the issue.
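The telnet client is an optional feature that is not installed by default on current Windows versions, and macOS 10.13 and later do not ship telnet at all (nc -vz <host> <port> does the same check there). As an added example that is not from the original article, the same port check scripted with Test-NetConnection, which reports whether the TCP handshake completed, plus the server-side check that distinguishes a firewall drop from a service that simply is not listening. The address 1.2.3.4 and the port list are placeholders.

```powershell
# Added example, not from the original article. Test-NetConnection ships with
# Windows 8 / Server 2012 and later. 1.2.3.4 and the port list are placeholders.

function Test-FirewallPorts {
    param(
        [Parameter(Mandatory)][string]$Target,
        [int[]]$Ports = @(25, 80, 110, 443, 3389)
    )
    foreach ($p in $Ports) {
        # SilentlyContinue hides the built-in "TCP connect failed" warning; the result object
        # carries the outcome and is reported below instead.
        $r = Test-NetConnection -ComputerName $Target -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target = $Target
            Port   = $p
            Open   = $r.TcpTestSucceeded   # $true only if the TCP handshake completed
            Ping   = $r.PingSucceeded      # $false with Open=$true just means ICMP is blocked
        }
    }
}

# Run from the client side, in place of 'telnet 1.2.3.4 25':
Test-FirewallPorts -Target '1.2.3.4' | Format-Table -AutoSize

# Run on the VPS itself: if nothing is listening on the port, the firewall is not the problem.
Get-NetTCPConnection -State Listen -LocalPort 25 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Open=$false from the client together with a listener on the VPS points at the firewall; pair that result with the DROP entries from the logging section to find the rule, or the profile, that is rejecting the connection.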