Firewall Options - VPS/Dedicated

From Hostek.com Wiki
Revision as of 20:54, 1 April 2014 by Jonc (Talk | contribs) (IPS & Firewall Protection)


IPS & Firewall Protection

Hostek protects its VPS customers with perimeter load-balanced IPSs by Corero (including DDOS protection and deep packet inspection for known threats), which also act as a firewall. Customers have three options for the protection of their VPS; by default, servers are in the Protected port group:

  1. Protected (supports most common ports*, DDOS, deep packet inspection)
  2. PCI (restricted to a few ports, DDOS, deep packet inspection)
  3. Server Managed (less restrictive, no port blocking, no deep packet inspection, includes DDOS)
  • Note: in the default group there are some additional ports open for custom applications. Contact support and we will provide the port numbers.

Customizable Firewall Options

In our VPS/Dedicated Firewall Protected port group (number 1 above), we open commonly utilized ports. If you need a non-standard fixed port to be open, contact support to have your VPS moved to the "Server Managed" group. If your application can be set to use an alternate port, there are a few alternate ports open for this purpose; contact support for more details. Keep in mind, however, that in the Server Managed group traffic to your server will be rate limited for DDOS protection, but there will be no port blocking. RECOMMENDED: block unneeded ports with the software firewall on your server. For Windows VPSs this can be managed easily from WCP (limited control) or, for more extensive control, through Microsoft Remote Desktop; for Linux cPanel servers, use ConfigServer Firewall.

Windows Firewall

Opening a Port in Windows Firewall

To open a port in your VPS's Windows Firewall, you'll need to perform the following steps:

  1. Click the Start button, open the Administrative Tools menu, then click Windows Firewall with Advanced Security.
  2. Click the Inbound Rules section, then click the New Rule link at the right side of the window.
  3. Select Port and click Next.
  4. Enter the port you wish to open in the Specific local ports section. For example, if you wish to open MySQL you'd enter 3306. You can also open multiple ports at a time by separating the ports with commas.
  5. Make sure Allow the connection is selected and click Next.
  6. Make sure Domain, Private, and Public are selected and click Next.
  7. Now you just need to enter a name for the rule and click Finish.

Restricting Access to a Port

  1. First, open Windows Firewall with Advanced Security by clicking the Start button, opening the Administrative Tools menu, then clicking Windows Firewall with Advanced Security.
  2. Right-click on the rule you wish to edit, and click Properties.
  3. Click the Scope tab in the pop-up that appears.
  4. Under Remote IP Addresses select These IP addresses then click Add.
  5. In the pop-up that appears, choose which IP will have access to the port defined in your rule. For example, if you wish to restrict access to your local computer, enter your computer's IP address in the This IP address or subnet section. To find your computer's IP address, you can use our IP finder.
  6. After entering your IP, click OK in the IP Address window. Then click OK in the rule properties window, and you're done.
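
The two procedures above can also be carried out in one pass from an elevated PowerShell prompt. This is an added example, not part of the original wiki page. It assumes Windows Server 2012 or later (the NetSecurity cmdlets) and TCP as the protocol; the rule name and IP address are placeholders.

```powershell
# Added example. Run from an elevated PowerShell session.
$RuleName  = 'MySQL inbound (example)'   # hypothetical rule name
$Port      = 3306                        # the MySQL port used as the example in step 4
$AllowedIp = '203.0.113.10'              # documentation-range placeholder; use your own IP

# "Opening a Port" steps 2-7 and "Restricting Access" steps 3-6 as one rule:
# inbound, TCP (assumed), allow, all three profiles, scoped to one remote address.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Allow -Profile Domain,Private,Public `
        -RemoteAddress $AllowedIp | Out-Null
} else {
    # The rule already exists (for example, created through the GUI): tighten its scope.
    Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $AllowedIp
}

# Audit: enabled inbound allow rules that name this port exactly and still
# accept connections from any remote address. Port ranges are not expanded.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule       = $_
        $portFilter = $rule | Get-NetFirewallPortFilter
        $addrFilter = $rule | Get-NetFirewallAddressFilter
        if ($portFilter.LocalPort -contains "$Port" -and
            $addrFilter.RemoteAddress -contains 'Any') {
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                LocalPort     = ($portFilter.LocalPort -join ',')
                RemoteAddress = ($addrFilter.RemoteAddress -join ',')
            }
        }
    }
```

If the audit prints any rule, that port is still reachable from every address despite the scoped rule, because Windows Firewall allows a connection when any enabled allow rule matches.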