Windows Firewall Configuration For VOIP Switch

admin

Administrator
#1
Windows 2008 server firewall setup for VOIP Switch :


Check that Windows Firewall is running. Then run VoipTunnel Server, Voipbox and Voipswitch. When the Windows Firewall prompt appears, click "Allow".
After that you can simply run the following script to set up the firewall:
voipswitch firewall script starts from here (copy after ] )
]

REM To apply the voipswitch rules from script you need to delete the "GOTO skip" command from script file.
PAUSE
REM Creating firewall setup backup c:
cd \
md backup
cd backup
netsh advfirewall export firewall.wfw
GOTO skip
REM VoipSwitch
REM TCP,UDP 1719-1720 Incoming
for /L %%I in (1719,1,1720) do netsh advfirewall firewall add rule name=Port-%%I-UDP dir=in action=allow protocol=UDP localport=%%I
for /L %%I in (1719,1,1720) do netsh advfirewall firewall add rule name=Port-%%I-TCP dir=in action=allow protocol=TCP localport=%%I
REM TCP,UDP 5060 Incoming
netsh advfirewall firewall add rule name=Port-5060-TCP dir=in action=allow protocol=TCP localport=5060
netsh advfirewall firewall add rule name=Port-5060-UDP dir=in action=allow protocol=UDP localport=5060
REM 1800-1804 TCP Incoming
for /L %%I in (1800,1,1804) do netsh advfirewall firewall add rule name=Port-%%I-TCP dir=in action=allow protocol=TCP localport=%%I
REM 1803,1805 UDP Incoming
netsh advfirewall firewall add rule name=Port-1803-UDP dir=in action=allow protocol=UDP localport=1803
netsh advfirewall firewall add rule name=Port-1805-UDP dir=in action=allow protocol=UDP localport=1805
REM 6000-20000 UDP Incoming,Outgoing
for /L %%I in (6000,1,20000) do netsh advfirewall firewall add rule name=Port-%%I-UDP dir=in action=allow protocol=UDP localport=%%I
for /L %%I in (6000,1,20000) do netsh advfirewall firewall add rule name=Port-%%I-UDP dir=out action=allow protocol=UDP localport=%%I
:skip
REM WebDialer RTP 3000-3029 Incoming, outgoing
for /L %%I in (3000,1,3029) do netsh advfirewall firewall add rule name=WebDialerRTP-%%I dir=in action=allow protocol=UDP localport=%%I
for /L %%I in (3000,1,3029) do netsh advfirewall firewall add rule name=WebDialerRTP-%%I dir=out action=allow protocol=UDP localport=%%I
REM WebDialer UDP-SIP 5070-5099 Incoming, outgoing
for /L %%I in (5070,1,5099) do netsh advfirewall firewall add rule name=WebDialerUDP-%%I dir=in action=allow protocol=UDP localport=%%I
for /L %%I in (5070,1,5099) do netsh advfirewall firewall add rule name=WebDialerUDP-%%I dir=out action=allow protocol=UDP localport=%%I
REM VoipswitchWebs TCP 1935,1936,1937,1938,1939,5222,5229,7070,7777,9090,9091 both ways
netsh advfirewall firewall add rule name=VoipswitchWebs dir=in action=allow protocol=TCP localport=1935,1936,1937,1938,1939,5222,5229,7070,7777,9090,9091
netsh advfirewall firewall add rule name=VoipswitchWebs dir=out action=allow protocol=TCP localport=1935,1936,1937,1938,1939,5222,5229,7070,7777,9090,9091


To delete the rules added by the script above, you can use this script.

REM To not skip the voipswitch rules you need to delete the goto skip command from script file.
PAUSE
GOTO skip
REM VoipSwitch
REM TCP,UDP 1719-1720 Incoming
for /L %%I in (1719,1,1720) do netsh advfirewall firewall delete rule name=Port-%%I-UDP
for /L %%I in (1719,1,1720) do netsh advfirewall firewall delete rule name=Port-%%I-TCP
REM TCP,UDP 5060 Incoming
netsh advfirewall firewall delete rule name=Port-5060-TCP
netsh advfirewall firewall delete rule name=Port-5060-UDP
REM 1800-1804 TCP Incoming
for /L %%I in (1800,1,1804) do netsh advfirewall firewall delete rule name=Port-%%I-TCP
REM 1803,1805 UDP Incoming
netsh advfirewall firewall delete rule name=Port-1803-UDP
netsh advfirewall firewall delete rule name=Port-1805-UDP
REM 6000-20000 UDP Incoming,Outgoing
REM Deleting by name removes both the incoming and the outgoing rule, so one pass is enough.
for /L %%I in (6000,1,20000) do netsh advfirewall firewall delete rule name=Port-%%I-UDP
:skip
REM WebDialer RTP 3000-3029
for /L %%I in (3000,1,3029) do netsh advfirewall firewall delete rule name=WebDialerRTP-%%I
REM WebDialer UDP-SIP 5070-5099
for /L %%I in (5070,1,5099) do netsh advfirewall firewall delete rule name=WebDialerUDP-%%I
REM VoipswitchWebs TCP 1935,1936,1937,1938,1939,5222,5229,7070,7777,9090,9091
netsh advfirewall firewall delete rule name=VoipswitchWebs





Windows 2003 Firewall setup for VOIPSwitch





Check that Windows Firewall is running. Then run VoipTunnel Server, Voipbox and Voipswitch. After that you can simply run the following script to set up the firewall:
voipswitch firewall script starts from here (copy after ] )

]
REM To apply the voipswitch rules from script you need to delete the "GOTO skip" command from script file.
PAUSE
GOTO skip
REM VoipSwitch
REM TCP,UDP 1719-1720
FOR /L %%I IN (1719,1,1720) DO netsh firewall add portopening TCP %%I "Port 1719-20"%%I
FOR /L %%I IN (1719,1,1720) DO netsh firewall add portopening UDP %%I "Port 1719-20"%%I
REM TCP,UDP 5060
netsh firewall add portopening protocol = ALL port = 5060 name = 5060 mode = ENABLE
REM 1800-1804 TCP
FOR /L %%I IN (1800,1,1804) DO netsh firewall add portopening TCP %%I "Port-"%%I
REM 1803,1805 UDP
netsh firewall add portopening protocol = UDP port = 1803 name = Port-1803-UDP mode = ENABLE
netsh firewall add portopening protocol = UDP port = 1805 name = Port-1805-UDP mode = ENABLE
REM 6000-20000 UDP
FOR /L %%I IN (6000,1,20000) DO netsh firewall add portopening UDP %%I "Ports UDP-"%%I
:skip
REM WebDialer,RTP 3000-3029
FOR /L %%I IN (3000,1,3029) DO netsh firewall add portopening UDP %%I "WebDialer -"%%I
REM WebDialer UDP-SIP 5070-5099
FOR /L %%I IN (5070,1,5099) DO netsh firewall add portopening UDP %%I "WebDialer sip-"%%I
REM VoipswitchWebs TCP 1935,1936,1937,1938,1939,5222,5229,7070,7777,9090,9091
netsh firewall add portopening protocol = TCP port = 1935 name = Port-1935-TCP mode = ENABLE
netsh firewall add portopening protocol = TCP port = 1936 name = Port-1936-TCP mode = ENABLE
netsh firewall add portopening protocol = TCP port = 1937 name = Port-1937-TCP mode = ENABLE


netsh firewall add portopening protocol = TCP port = 1938 name = Port-1938-TCP mode = ENABLE
netsh firewall add portopening protocol = TCP port = 1939 name = Port-1939-TCP mode = ENABLE
netsh firewall add portopening protocol = TCP port = 5222 name = Port-5222-TCP mode = ENABLE
netsh firewall add portopening protocol = TCP port = 5229 name = Port-5229-TCP mode = ENABLE
netsh firewall add portopening protocol = TCP port = 7070 name = Port-7070-TCP mode = ENABLE
netsh firewall add portopening protocol = TCP port = 7777 name = Port-7777-TCP mode = ENABLE
netsh firewall add portopening protocol = TCP port = 9090 name = Port-9090-TCP mode = ENABLE
netsh firewall add portopening protocol = TCP port = 9091 name = Port-9091-TCP mode = ENABLE

*Allow traffic from server's public IP to this IP (eth0 <--] eth0)*


Exemplary firewall configuration:
Be aware that by blocking everything you may cut off access to the server by remote connection (via Remote Desktop, Radmin, VNC), so be very careful during the setup process. Many firewalls cut off most services by default, and after installation there is no way to remotely access the server.
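
The following batch file is an added example, not part of the original post: it opens the same VoipSwitch ports as the Windows 2008 script (the block behind "GOTO skip") with one rule per port range instead of one rule per port, and it allows and verifies remote access first so the lockout described above is caught while the session is still open. It assumes Windows Server 2008 R2 or later, where localport= accepts ranges, and Remote Desktop on its default TCP port 3389; the VS-* rule names and the backup file name are made up for this example.

```batch
@echo off
REM Added example, not part of the original post.
REM Assumptions: Windows Server 2008 R2 or later (localport= accepts ranges),
REM Remote Desktop on its default TCP 3389, and VS-* rule names made up here.

REM netsh advfirewall needs elevation; "net session" fails without it.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated command prompt.
    exit /b 1
)

REM Back up the current policy first; stop if the backup cannot be written.
if not exist C:\backup md C:\backup
netsh advfirewall export "C:\backup\firewall-before-voipswitch.wfw"
if errorlevel 1 (
    echo Backup failed, no rules were changed.
    exit /b 1
)

REM Keep the remote-administration path open before anything else.
netsh advfirewall firewall add rule name="VS-RemoteDesktop-TCP" dir=in action=allow protocol=TCP localport=3389

REM Same ports as the post's script, one rule per range instead of one per port.
netsh advfirewall firewall add rule name="VS-1719-1720-TCP" dir=in action=allow protocol=TCP localport=1719-1720
netsh advfirewall firewall add rule name="VS-1719-1720-UDP" dir=in action=allow protocol=UDP localport=1719-1720
netsh advfirewall firewall add rule name="VS-5060-TCP" dir=in action=allow protocol=TCP localport=5060
netsh advfirewall firewall add rule name="VS-5060-UDP" dir=in action=allow protocol=UDP localport=5060
netsh advfirewall firewall add rule name="VS-1800-1804-TCP" dir=in action=allow protocol=TCP localport=1800-1804
netsh advfirewall firewall add rule name="VS-1803-1805-UDP" dir=in action=allow protocol=UDP localport=1803,1805
netsh advfirewall firewall add rule name="VS-6000-20000-UDP-in" dir=in action=allow protocol=UDP localport=6000-20000
netsh advfirewall firewall add rule name="VS-6000-20000-UDP-out" dir=out action=allow protocol=UDP localport=6000-20000

REM Confirm the remote-access rule exists before ending the session.
netsh advfirewall firewall show rule name="VS-RemoteDesktop-TCP" >nul
if errorlevel 1 echo WARNING: remote-access rule missing, do not log off yet.
```

To roll back, restore the exported policy with netsh advfirewall import and the same file path. Eight range rules are also far easier to review than the roughly 28,000 per-port rules the 6000-20000 loops create.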