Firewall - Troubleshooting
Author: support | Article Reference Number: AA-04988

Firewall Troubleshooting

One of the most frustrating things about a new server environment can be dealing with a firewall that is not working correctly. This article goes over a few ways to test your firewall configuration, as well as a few fixes.

Firewall logging

By default, Windows Firewall logging is not enabled, and it is not recommended to leave it enabled for long periods because the log file can grow very quickly. When you are trying to see whether the firewall is dropping a connection, however, the log is a good place to start.

To enable logging, follow the steps below:

  • Select the Start menu
  • Type cmd
  • Right-click Command Prompt and select 'Run as Administrator'
  • Enter the following commands
    • netsh firewall set logging connections=enable
    • netsh firewall set logging droppedpackets=enable

This logs both incoming connections and connections dropped by the firewall. You can access the log through the Windows Firewall with Advanced Security tool, where it is located under Monitoring.
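
Reading the log by hand gets tedious once it holds more than a few entries. The PowerShell below is an added example, not part of the original article: it parses firewall log lines using the log's own #Fields header and counts DROP entries by protocol, destination port and source address. The function name Get-FirewallLogEntry is hypothetical, the sample lines are constructed, and the commented log path is the Windows default, which is an assumption about your server.

```powershell
# Added example (not from the original article): count DROP entries in a
# Windows Firewall log. Get-FirewallLogEntry is a hypothetical helper name.
# The sample lines are constructed; on a real server read the log instead
# (default location shown, an assumption if you moved the log):
#   $lines = Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
$lines = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-01-15 10:22:31 DROP TCP 203.0.113.10 192.0.2.20 51544 25 52 S 1234567 0 8192 - - - RECEIVE
2024-01-15 10:22:34 DROP TCP 203.0.113.10 192.0.2.20 51544 25 52 S 1234567 0 8192 - - - RECEIVE
2024-01-15 10:22:40 ALLOW TCP 203.0.113.10 192.0.2.20 51560 3389 0 - 0 0 0 - - - RECEIVE
2024-01-15 10:23:02 DROP UDP 198.51.100.7 192.0.2.20 5353 5353 120 - - - - - - - RECEIVE
'@ -split "`r?`n"

function Get-FirewallLogEntry {
    param([string[]]$Line)
    $fields = $null
    foreach ($l in $Line) {
        if ($l -match '^#Fields:\s*(.+)$') {
            # Column names come from the log's own header, so the parser
            # follows whatever field order this log version uses.
            $fields = $Matches[1].Trim() -split '\s+'
            continue
        }
        if (-not $fields -or $l -match '^\s*(#|$)') { continue }   # header, comment or blank line
        $values = $l.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }          # truncated line
        $entry = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $entry[$fields[$i]] = $values[$i] }
        [pscustomobject]$entry
    }
}

# Dropped connections grouped by protocol, destination port and source address.
Get-FirewallLogEntry -Line $lines |
    Where-Object { $_.action -eq 'DROP' } |
    Group-Object -Property protocol, 'dst-port', 'src-ip' |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name
```

If the port you are testing shows up here as DROP, the connection is reaching the server and the firewall is rejecting it; if it does not appear at all, the traffic is not arriving at this firewall.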


Profiles, and more

Your Windows environment has three profiles that can be applied to an inbound or outbound firewall rule:

  • Domain - This setting is applied when the VPS is connected to a domain controller (this is the default for all Windows VPSs)
  • Public - This setting is applied when a connection is made to a network with which the computer's account is not associated.
  • Private - This setting is applied when a connection to a domain is made through a public network, such as an airport, hotel, coffee shop etc.

Since your VPS is attached to our Domain Controller (AD3), ensure the rules you create or modify are on the domain profile or on all profiles.

Modifying an existing rule's profile

Some rules come predefined by Group Policy. Once a rule has been added through Group Policy, you cannot modify the profile it is attached to through the Windows Firewall with Advanced Security GUI. It can, however, be modified with netsh.

To modify an existing rule's profile, follow the steps below:

  • Select the Start menu
  • Type cmd
  • Right-click Command Prompt and select 'Run as Administrator'
  • Enter the following command, where name is the exact name of the rule, profile is the current profile, dir is in or out depending on whether you are modifying an inbound or outbound rule, and new profile is the new profile
    • netsh advfirewall firewall set rule name="the exact name of the rule" profile=currentprofile dir=in new profile=newprofile
      • eg netsh advfirewall firewall set rule name="Post-Office Protocol Version 3 (POP3)" profile=public dir=in new profile=domain

Testing your firewall with Telnet

Telnet is one of the fastest ways to test a firewall and check if the ports are open.

To use telnet on Windows, follow the steps below:

  • Select the Start menu
  • Type cmd
  • Press Enter
  • Enter the following commands
    • telnet youripaddress port
      • eg telnet 1.2.3.4 25

To use telnet on Mac, follow the steps below:

  • Open the Utilities section
  • Select Applications
  • Locate Terminal
    • Press Command + N, which opens a new terminal window
      • telnet youripaddress port
        • eg telnet 1.2.3.4 25

Once you have opened the connection, the service will generally respond if the port is open on the firewall. If the connection fails, the tool will notify you. You can then use the troubleshooting methods above to determine the issue.
