Windows Firewall Configuration For VOIP Switch

Discussion in 'VoIP Knowledge Base' started by admin, Dec 23, 2013.

    admin (Administrator)

    Windows 2008 Server firewall setup for VOIP Switch:


    Check if the Windows firewall is running. After that run VoipTunnel Server, Voipbox and Voipswitch. When the Windows firewall prompt appears, click on "allow".
    After that you can simply run the following script to set up the firewall:
    voipswitch firewall script starts from here (copy after ] )
    ]

    REM To apply the voipswitch rules from script you need to delete the "GOTO skip" command from script file.
    PAUSE
    REM Creating firewall setup backup c:
    cd \
    md backup
    cd backup
    netsh advfirewall export firewall.wfw
    GOTO skip
    REM VoipSwitch
    REM TCP,UDP 1719-1720 Incoming
    for /L %%I in (1719,1,1720) do netsh advfirewall firewall add rule name=Port-%%I-UDP dir=in action=allow protocol=UDP localport=%%I
    for /L %%I in (1719,1,1720) do netsh advfirewall firewall add rule name=Port-%%I-TCP dir=in action=allow protocol=TCP localport=%%I
    REM TCP,UDP 5060 Incoming
    netsh advfirewall firewall add rule name=Port-5060-TCP dir=in action=allow protocol=TCP localport=5060
    netsh advfirewall firewall add rule name=Port-5060-UDP dir=in action=allow protocol=UDP localport=5060
    REM 1800-1804 TCP Incoming
    for /L %%I in (1800,1,1804) do netsh advfirewall firewall add rule name=Port-%%I-TCP dir=in action=allow protocol=TCP localport=%%I
    REM 1803,1805 UDP Incoming
    netsh advfirewall firewall add rule name=Port-1803-UDP dir=in action=allow protocol=UDP localport=1803
    netsh advfirewall firewall add rule name=Port-1805-UDP dir=in action=allow protocol=UDP localport=1805
    REM 6000-20000 UDP Incoming,Outgoing
    for /L %%I in (6000,1,20000) do netsh advfirewall firewall add rule name=Port-%%I-UDP dir=in action=allow protocol=UDP localport=%%I
    for /L %%I in (6000,1,20000) do netsh advfirewall firewall add rule name=Port-%%I-UDP dir=out action=allow protocol=UDP localport=%%I
    :skip
    REM WebDialer RTP 3000-3029 Incoming, outgoing
    for /L %%I in (3000,1,3029) do netsh advfirewall firewall add rule name=WebDialerRTP-%%I dir=in action=allow protocol=UDP localport=%%I
    for /L %%I in (3000,1,3029) do netsh advfirewall firewall add rule name=WebDialerRTP-%%I dir=out action=allow protocol=UDP localport=%%I
    REM WebDialer UDP-SIP 5070-5099 Incoming, outgoing
    for /L %%I in (5070,1,5099) do netsh advfirewall firewall add rule name=WebDialerUDP-%%I dir=in action=allow protocol=UDP localport=%%I
    for /L %%I in (5070,1,5099) do netsh advfirewall firewall add rule name=WebDialerUDP-%%I dir=out action=allow protocol=UDP localport=%%I
    REM VoipswitchWebs TCP 1935,1936,1937,1938,1939,5222,5229,7070,7777,9090,9091 both ways
    netsh advfirewall firewall add rule name=VoipswitchWebs dir=in action=allow protocol=TCP localport=1935,1936,1937,1938,1939,5222,5229,7070,7777,9090,9091
    netsh advfirewall firewall add rule name=VoipswitchWebs dir=out action=allow protocol=TCP localport=1935,1936,1937,1938,1939,5222,5229,7070,7777,9090,9091


    To delete the rules added by the script below you can use this script.

    REM To not skip the voipswitch rules you need to delete the goto skip command from script file.
    PAUSE
    GOTO skip
    REM VoipSwitch
    REM TCP,UDP 1719-1720 Incoming
    for /L %%I in (1719,1,1720) do netsh advfirewall firewall delete rule name=Port-%%I-UDP
    for /L %%I in (1719,1,1720) do netsh advfirewall firewall delete rule name=Port-%%I-TCP
    REM TCP,UDP 5060 Incoming
    netsh advfirewall firewall delete rule name=Port-5060-TCP
    netsh advfirewall firewall delete rule name=Port-5060-UDP
    REM 1800-1804 TCP Incoming
    for /L %%I in (1800,1,1804) do netsh advfirewall firewall delete rule name=Port-%%I-TCP
    REM 1803,1805 UDP Incoming
    netsh advfirewall firewall delete rule name=Port-1803-UDP
    netsh advfirewall firewall delete rule name=Port-1805-UDP
    REM 6000-20000 UDP Incoming,Outgoing
    REM The add script created an inbound and an outbound rule with the same name, so delete each direction explicitly.
    for /L %%I in (6000,1,20000) do netsh advfirewall firewall delete rule name=Port-%%I-UDP dir=in
    for /L %%I in (6000,1,20000) do netsh advfirewall firewall delete rule name=Port-%%I-UDP dir=out
    :skip
    REM WebDialer RTP 3000-3029
    for /L %%I in (3000,1,3029) do netsh advfirewall firewall delete rule name=WebDialerRTP-%%I
    REM WebDialer UDP-SIP 5070-5099
    for /L %%I in (5070,1,5099) do netsh advfirewall firewall delete rule name=WebDialerUDP-%%I
    REM VoipswitchWebs TCP 1935,1936,1937,1938,1939,5222,5229,7070,7777,9090,9091
    netsh advfirewall firewall delete rule name=VoipswitchWebs
    Windows 2003 Firewall setup for VOIPSwitch

    Check if the Windows firewall is running. After that run VoipTunnel Server, Voipbox and Voipswitch. After that you can simply run the following script to set up the firewall:
    voipswitch firewall script starts from here (copy after ] )

    ]
    REM To apply the voipswitch rules from script you need to delete the "GOTO skip" command from script file.
    PAUSE
    GOTO skip
    REM VoipSwitch
    REM TCP,UDP 1719-1720
    FOR /L %%I IN (1719,1,1720) DO netsh firewall add portopening protocol = TCP port = %%I name = Port-%%I-TCP mode = ENABLE
    FOR /L %%I IN (1719,1,1720) DO netsh firewall add portopening protocol = UDP port = %%I name = Port-%%I-UDP mode = ENABLE
    REM TCP,UDP 5060
    netsh firewall add portopening protocol = ALL port = 5060 name = 5060 mode = ENABLE
    REM 1800-1804 TCP
    FOR /L %%I IN (1800,1,1804) DO netsh firewall add portopening protocol = TCP port = %%I name = Port-%%I-TCP mode = ENABLE
    REM 1803,1805 UDP
    netsh firewall add portopening protocol = UDP port = 1803 name = Port-1803-UDP mode = ENABLE
    netsh firewall add portopening protocol = UDP port = 1805 name = Port-1805-UDP mode = ENABLE
    REM 6000-20000 UDP
    FOR /L %%I IN (6000,1,20000) DO netsh firewall add portopening protocol = UDP port = %%I name = Port-%%I-UDP mode = ENABLE
    :skip
    REM WebDialer RTP 3000-3029
    FOR /L %%I IN (3000,1,3029) DO netsh firewall add portopening protocol = UDP port = %%I name = WebDialerRTP-%%I mode = ENABLE
    REM WebDialer UDP-SIP 5070-5099
    FOR /L %%I IN (5070,1,5099) DO netsh firewall add portopening protocol = UDP port = %%I name = WebDialerUDP-%%I mode = ENABLE
    REM VoipswitchWebs TCP 1935,1936,1937,1938,1939,5222,5229,7070,7777,9090,9091
    netsh firewall add portopening protocol = TCP port = 1935 name = Port-1935-TCP mode = ENABLE
    netsh firewall add portopening protocol = TCP port = 1936 name = Port-1936-TCP mode = ENABLE
    netsh firewall add portopening protocol = TCP port = 1937 name = Port-1937-TCP mode = ENABLE
    netsh firewall add portopening protocol = TCP port = 1938 name = Port-1938-TCP mode = ENABLE
    netsh firewall add portopening protocol = TCP port = 1939 name = Port-1939-TCP mode = ENABLE
    netsh firewall add portopening protocol = TCP port = 5222 name = Port-5222-TCP mode = ENABLE
    netsh firewall add portopening protocol = TCP port = 5229 name = Port-5229-TCP mode = ENABLE
    netsh firewall add portopening protocol = TCP port = 7070 name = Port-7070-TCP mode = ENABLE
    netsh firewall add portopening protocol = TCP port = 7777 name = Port-7777-TCP mode = ENABLE
    netsh firewall add portopening protocol = TCP port = 9090 name = Port-9090-TCP mode = ENABLE
    netsh firewall add portopening protocol = TCP port = 9091 name = Port-9091-TCP mode = ENABLE

    *Allow traffic from the server's public IP to this IP (eth0 <--> eth0)*


    Exemplary firewall configuration:
    Be aware that by blocking everything you may cut off access to the server by remote connection (via Remote Desktop, Radmin, VNC), so be very careful during the setup process. Many firewalls cut off most services by default and after installation there is no way to remotely access the server.
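    As an added example (not part of the original post): the same Windows 2008 port set written with netsh advfirewall port ranges instead of one rule per port, a policy backup taken first so the change can be rolled back, and the "allow traffic from the server's public IP" note expressed as a rule scoped to that one address. PEER_IP and the backup path are placeholders to replace.

```batch
@echo off
REM Added example, not from the original post. Same VoipSwitch/WebDialer ports
REM as the 2008 script, but one rule per range instead of one rule per port
REM (netsh advfirewall accepts "low-high" and comma lists in localport).
REM PEER_IP is a placeholder for the other server's public IP; replace it.

SET PEER_IP=203.0.113.10
SET BACKUP=C:\backup\firewall-before-voipswitch.wfw

REM 1. Back up the current policy first so the change can be rolled back.
IF NOT EXIST C:\backup MD C:\backup
netsh advfirewall export "%BACKUP%"

REM 2. Signalling ports.
netsh advfirewall firewall add rule name="VoipSwitch 1719-1720 TCP" dir=in action=allow protocol=TCP localport=1719-1720
netsh advfirewall firewall add rule name="VoipSwitch 1719-1720 UDP" dir=in action=allow protocol=UDP localport=1719-1720
netsh advfirewall firewall add rule name="VoipSwitch SIP TCP" dir=in action=allow protocol=TCP localport=5060
netsh advfirewall firewall add rule name="VoipSwitch SIP UDP" dir=in action=allow protocol=UDP localport=5060
netsh advfirewall firewall add rule name="VoipSwitch 1800-1804 TCP" dir=in action=allow protocol=TCP localport=1800-1804
netsh advfirewall firewall add rule name="VoipSwitch 1803,1805 UDP" dir=in action=allow protocol=UDP localport=1803,1805

REM 3. Media (RTP) ranges, both directions as in the original script.
netsh advfirewall firewall add rule name="VoipSwitch RTP in" dir=in action=allow protocol=UDP localport=6000-20000
netsh advfirewall firewall add rule name="VoipSwitch RTP out" dir=out action=allow protocol=UDP localport=6000-20000
netsh advfirewall firewall add rule name="WebDialer RTP" dir=in action=allow protocol=UDP localport=3000-3029
netsh advfirewall firewall add rule name="WebDialer SIP" dir=in action=allow protocol=UDP localport=5070-5099
netsh advfirewall firewall add rule name="VoipswitchWebs" dir=in action=allow protocol=TCP localport=1935-1939,5222,5229,7070,7777,9090,9091

REM 4. "Allow traffic from the server's public IP to this IP": scope the rule
REM    to that single remote address instead of opening it to everyone.
netsh advfirewall firewall add rule name="VoipSwitch peer server" dir=in action=allow remoteip=%PEER_IP%

REM 5. Verify: show one of the rules just created and confirm SIP is listening.
netsh advfirewall firewall show rule name="VoipSwitch RTP in"
netstat -ano -p UDP | findstr ":5060 "

REM Roll back at any time with:
REM   netsh advfirewall import "%BACKUP%"
```

    Run it from an elevated command prompt; the export in step 1 is what you import again if a rule locks you out of Remote Desktop.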