Several ports may need to be opened in Windows Firewall, sometimes even if the service is turned off, and sometimes on both client and server. To accomplish this by command line, use these:

netsh firewall add portopening protocol=TCP port=18082 name=VIPRE_client_1
netsh firewall add portopening protocol=TCP port=18086 name=VIPRE_client_2
netsh firewall add portopening protocol=TCP port=18087 name=VIPRE_client_3
netsh firewall add portopening protocol=TCP port=18088 name=VIPRE_client_4

If you would like to have the above ports opened using an Active Directory group policy, edit the policy, go to Administrative Templates under Computer Configuration, then Network, Network Connections, and Windows Firewall.  Under both “Domain Profile” and “Standard Profile” you will find “Define Inbound Port Exceptions”.  In these, the following lines will be needed:

18082:TCP:*:enabled:VIPRE1
18086:TCP:*:enabled:VIPRE2
18087:TCP:*:enabled:VIPRE3
18088:TCP:*:enabled:VIPRE4

For our configuration of client install outside of the LAN, you’ll want port 591 added as a fifth item to the above, i.e., either this:

netsh firewall add portopening protocol=TCP port=18082 name=VIPRE_client_1
netsh firewall add portopening protocol=TCP port=18086 name=VIPRE_client_2
netsh firewall add portopening protocol=TCP port=18087 name=VIPRE_client_3
netsh firewall add portopening protocol=TCP port=18088 name=VIPRE_client_4
netsh firewall add portopening protocol=TCP port=591 name=VIPRE_client_5

or this:

18082:TCP:*:enabled:VIPRE1
18086:TCP:*:enabled:VIPRE2
18087:TCP:*:enabled:VIPRE3
18088:TCP:*:enabled:VIPRE4
591:TCP:*:enabled:VIPRE5