Category: Firewalls

Full Diagnostics from Cloud-Managed Watchguard Firebox
article #1508, updated 150 days ago

Remember that huge text file with all of the DHCP reservations, load average, and everything else? Well, go to:

- Monitor -> Devices
- Choose a firewall
- Go to Live Status -> Diagnostic Tools
- Choose the Snapshot tab.
- Click to download a snapshot file.

Then, in that file:

Fireware_support.tgz\
Fireware_support.tar\
Fireware_XTM_Support.tgz\
Fireware_XTM_Support.tar\
support\system\system_status.txt
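
The nested path above can be walked without unpacking anything to disk. This is an added example, not part of the original article or any WatchGuard tooling; it assumes the archive member names match the path shown above, and the sample snapshot it builds is constructed.

```python
import io
import tarfile

TARGET = "support/system/system_status.txt"  # path given in the article

def find_in_nested_tar(fileobj, target=TARGET, depth=0, max_depth=4):
    """Search a (possibly nested) tar/tgz stream for `target`.

    Members are read in memory and never extracted to disk, so member
    names containing '..' or absolute paths cannot write outside a folder.
    Returns the file's bytes, or None if it is not found.
    """
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            name = member.name[2:] if member.name.startswith("./") else member.name
            if name == target:
                return tar.extractfile(member).read()
            if name.endswith((".tgz", ".tar.gz", ".tar")) and depth < max_depth:
                inner = io.BytesIO(tar.extractfile(member).read())
                found = find_in_nested_tar(inner, target, depth + 1, max_depth)
                if found is not None:
                    return found
    return None

def make_tgz(files):
    """Build an in-memory .tgz from {name: bytes}; used for the sample only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, payload in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    buf.seek(0)
    return buf

def build_sample():
    # Constructed stand-in for a downloaded snapshot; real content differs.
    inner = make_tgz({TARGET: b"load average: 0.10 0.05 0.01\n"})
    return make_tgz({"Fireware_XTM_Support.tgz": inner.getvalue()})

if __name__ == "__main__":
    # For a real snapshot: find_in_nested_tar(open("Fireware_support.tgz", "rb"))
    print(find_in_nested_tar(build_sample()).decode())
```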


==============

Apple services ports list
article #1433, updated 714 days ago

Just got wind of this, a much larger list than previously known:

https://support.apple.com/en-us/HT202944


==============

StorageCraft Cloud Services Port Checking Utility
article #1409, updated 858 days ago

This tool is how to make sure your firewall is set up correctly to allow StorageCraft cloud services:

https://support.storagecraft.com/s/article/StorageCraft-Cloud-Services-port-checking-utility?language=en_US


==============

FQDNs to block Facebook
article #1269, updated 1558 days ago

Known list at this writing:

*.facebook.com
*.facebook.net
*.fbcdn.com
*.fbcdn.net
*.instagram.com
*.cdninstagram.com
*.tfbnw.net
*.fbsbx.com
*.fb.com


==============

Microsoft online services: FQDN firewall openings
article #947, updated 1635 days ago

Some firewalls have FQDN capability (e.g., Watchguards), which makes careful rule creation practical for a behemoth like Microsoft Office 365 and all of its related services. The info below is condensed and sorted from here. I have omitted a very few items (e.g., ports 25, 143, 465, and 993, and *.msn.com), for reasons which I hope are reasonably obvious.

Create one rule with these ports:

80, TCP
443, TCP
587, TCP
3478-81, UDP
5223, TCP
50000-59999, TCP and UDP

to the following list of locations, and it is done.

*.aadrm.com
*.aka.ms
*.apple.com
*.aspnetcdn.com
*.assets-yammer.com
*.azure.com
*.azure.net
*.azureedge.net
*.azurerms.com
*.azurewebsites.net
*.cloudapp.net
*.cloudappsecurity.com
*.cloudfront.net
*.edgekey.net
*.edgesuite.net
*.getmicrosoftkey.com
*.gfx.ms
*.live.com
*.lync.com
*.microsoft.com
*.microsoftazuread-sso.com
*.microsoftonline.com
*.microsoftonline-p.com
*.microsoftonline-p.net
*.microsoftstream.com
*.msappproxy.net
*.msecnd.net
*.msedge.net
*.msft.net
*.msftauth.net
*.msocdn.com
*.mstea.ms
*.o365weve.com
*.office.com
*.office.net
*.office365.com
*.onedrive.com
*.onenote.com
*.onenote.net
*.onestore.ms
*.onmicrosoft.com
*.optimizely.com
*.outlook.com
*.phonefactor.net
*.sfbassets.com
*.sfx.ms
*.sharepoint.com
*.sharepointonline.com
*.skype.com
*.skypeassets.com
*.skypeforbusiness.com
*.sway.com
*.sway-cdn.com
*.sway-extensions.com
*.tenor.com
*.trafficmanager.net
*.virtualearth.net
*.visualearth.net
*.visualstudio.com
*.windows.net
*.windowsazure.com
*.yammer.com
*.yammerusercontent.com
ajax.googleapis.com
ms.tific.com


==============

LAN firewall settings for G Suite services
article #1119, updated 2046 days ago

Condensed from here: https://support.google.com/a/answer/2589954?hl=en:

  • google.com
  • googledrive.com
  • google-analytics.com
  • googleapis.com
  • googleusercontent.com
  • ytimg.com
  • gstatic.com

The above are all on port 443, HTTPS, only. There is a legacy product which uses talk.google.com on port 5222, XMPP.


==============

Firewall configuration for Autodesk Services
article #1050, updated 2193 days ago

Here:

https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/AutoCAD-requests-to-Autodesk-servers-blocked-by-proxy-servers.html

and here:

https://knowledge.autodesk.com/search-result/caas/sfdcarticles/sfdcarticles/Collaboration-for-Revit-Proxy-Server-and-domain-exceptions-for-Autodesk-A360-services.html

and here:

https://knowledge.autodesk.com/support/fusion-360/troubleshooting/caas/sfdcarticles/sfdcarticles/Fusion-360-cannot-access-the-services-through-proxy.html

are found some very interesting items which may be helpful when configuring either firewalls or proxy servers to work with Autodesk products. We need to except the following FQDNs from all proxy intervention on ports 80 and 443:

*.autodesk.com
*.google-analytics.com
*.cloudfront.net
*.virtualearth.net
*.autocadws.com
*.newrelic.com
*.akamaiedge.net
*.amazonaws.com
*.s3.amazon.com
*.edgekey.net
*.getsatisfaction.com
*.autodesk360.com 
*.skyscraper.autodesk.com
*.ssl.google-analytics.com
*.js-agent.newrelic.com
*.hotjar.com
*.optimizely.com
cdn.jsdelivr.net
www.googletagmanager.com
cdn.web-platform.io
*.notifications.api.autodesk.com
*.pubsub.pubnub.com
akamai.com
*.akamai.com
akamaitechnologies.com
*.akamaitechnologies.com
*.protolabs.com
tracepartsonline.net
*.tracepartsonline.net
mcmaster.com
*.mcmaster.com
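
Lists like this one and the Microsoft one above are condensed by hand from vendor pages, so it helps to lint them before pasting them into a rule. The following is an added example, not from the original articles: it reports repeated entries, entries already covered by a broader wildcard, and wildcards on shared hosting suffixes, where the exemption also applies to hostnames created by any other customer of that platform. The wildcard semantics and the `SHARED_PLATFORMS` set are assumptions, as noted in the comments.

```python
# Added example, not from the original article: lint an FQDN allowlist.
# ASSUMPTION: "*.example.com" covers subdomains at any depth but not
# "example.com" itself; confirm this against your firewall's documentation.

# Suffixes where the hostname belongs to whichever customer of the platform
# created it (assumed starter set for this example; extend as needed).
SHARED_PLATFORMS = {"cloudfront.net", "amazonaws.com",
                    "azurewebsites.net", "cloudapp.net"}

def covers(pattern, name):
    """True if allowlist entry `pattern` matches hostname or entry `name`."""
    pattern, name = pattern.lower().rstrip("."), name.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == name
    bare = name[2:] if name.startswith("*.") else name
    return bare.endswith(pattern[1:])  # pattern[1:] keeps the leading dot

def is_allowed(host, entries):
    """True if `host` is matched by at least one entry."""
    return any(covers(e.strip(), host) for e in entries if e.strip())

def lint(entries):
    """Return (duplicates, shadowed, shared) for a list of entries."""
    unique, duplicates = [], []
    for raw in entries:
        e = raw.strip().lower()
        if e:
            (duplicates if e in unique else unique).append(e)
    shadowed = {}
    for e in unique:
        broader = [p for p in unique if p != e and covers(p, e)]
        if broader:
            shadowed[e] = min(broader, key=len)  # shortest = broadest wildcard
    shared = [e for e in unique
              if e.startswith("*.") and e[2:] in SHARED_PLATFORMS]
    return duplicates, shadowed, shared

# Constructed sample: entries taken from the lists above, one repeated.
SAMPLE = """*.autodesk.com
*.skyscraper.autodesk.com
*.ssl.google-analytics.com
*.google-analytics.com
akamai.com
*.akamai.com
*.cloudfront.net
cdn.jsdelivr.net
cdn.jsdelivr.net""".splitlines()

if __name__ == "__main__":
    for label, found in zip(("duplicates", "shadowed", "shared"), lint(SAMPLE)):
        print(label, found)
```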


==============

United Parcel Service and Firewalls
article #1019, updated 2320 days ago

A page has been recently deleted from the UPS web site, which included:

If I connect to UPS servers through a firewall, are there any known issues?

Because the response from the UPS server may show as unsolicited to your firewall software, you may need to configure your firewall software to accept messages from our unique range of UPS IP address ranges: “207.24.0.*”

At this writing, an in-site search on http://ups.com and a Google search still bring up the page reference, but the page is gone.


==============

Which ports are used by LogMeIn?
article #171, updated 3474 days ago

See here:

http://notes.ponderworthy.com/logmein-settings-for-routers-firewalls


==============

Remote Web Workplace and the Firewall
article #179, updated 4704 days ago

All of the following ports, reportedly, have to be forwarded to the server:

25
443
444
1723
3389
4125
