The Roman Catholic Diocese of Saint Cloud
    home      parishes       schools      email

Catholic Education Ministries

Computer Support

Firewall: Opening Ports

triangle bullet CEM Home Page
triangle bullet Schools
triangle bullet Calendar
triangle bullet Faith Formation
triangle bullet Disabilities
triangle bullet Ministry Formation
triangle bullet Media Center

Firewalls keeps intruders out of a network. However, sometimes you want the public or certain individuals to remotely access portions your internal network. To give outsiders access to your internal network, you need to "open ports" in the firewall.

Examples where this may be necessary...

  • A school server has information that should be available to parents via the web, such a digital gradebook.
  • The school has hired a company to remotely manage the heating and ventilation systems.
  • The school is receiving technical support from someone out-of-town and want them to remotely work on the school's computers.

Step 1: Identify the Needed Ports

The company being hired or the software being installed should include documenation about the needed ports. Some common ports...

Transport ProtocolPort #ServiceUsed by...
TCP/680HTTPweb site
TCP/6548AFPfile sharing in Mac OS
TCP/61723PPTPVPN (Virtual Private Network)
TCP/65900VNCApple Remote Desktop
for observe/control

Step 2: Configure the Firewall or Router

Generally, the firewall is managed via a web browser on any workstation within the school. Simply launch the web browser, type the firewall's IP address on the URL line, and press the return key. The firewall's login screen should appear.

Once logged in, the configuration procedure varies for each brand and model of firewall.

Step 2 for 2005-vintage SonicWall-brand firewalls

The two main stages are adding a service and adding a rule. These directions may not be 100% perfect.

Add Service
  1. Click "Firewall" in the left column.
  2. Click "Services" in the left column.
  3. Is your desired service in the "User Defined" or "Predefined" lists? If yes, skip to "Add Rule". If not, proceed with the next step.
  4. Click "Add..."
  5. Type the 'name' of the service (ie: AFP). If you do not know the official name, you can create your own name.
  6. Type the port number in the first 'port range' field. (ie: 548).
  7. Selected the deired protocol (usually TCP or UDP).
  8. Click "Save" or "Update" or "Add".
Add Rule
  1. Click "Access Rules" in the left column.
  2. Click "Add..."
  3. Set the 'Action' to 'Allow'
  4. Set the 'Service' to the name of the service identified or setup in the previous steps.
  5. Set the 'Source' to 'WAN'. If you want the general public to access this service of your network, type an asterisk in the first field. If you want just a specific business to access this service, type the business' IP address in the first field.
  6. Set the 'Destination' to 'LAN'. Enter the IP address of the computer that provides the desired service.
  7. Click "Save" or "Update" or "Add".

Step 2 for 2000-vintage SonicWall-brand firewalls

The two main stages are adding a service and adding a rule.

Add Service
  1. Click 'Access' in the left column.
  2. Click the 'Add Service' tab.
  3. Is your desired service in the list at right? If yes, skip to 'Add Rule'. If not, proceed with the next step.
  4. Is your desired service in the menu titled 'Add a known service'? If yes, select it from the list and jump to the LAST step. If not, please proceed with the next step.
  5. Type the 'name' of the service (ie: AFP). If you do not know the official name, you can create your own name.
  6. Type the port number in the first 'port range' field. (ie: 548).
  7. Selected the deired protocol (usually TCP or UDP).
  8. Click 'Add'.
    The Add Service screen of a SonicWall firewall.
Add Rule
  1. Click the 'Rules' tab.
  2. Scroll to the bottom of the page and click the 'Add New Rule...' button. The 'Add Network Access Rule' screen will appear.
  3. Set the 'Action' to 'Allow'
  4. Set the 'Service' to the name of the service identified or setup in the previous steps.
  5. Set the 'Source' to 'WAN'. If you want the general public to access this service of your network, type an asterisk in the first field. If you want just a specific business to access this service, type the business' IP address in the first field.
  6. Set the 'Destination' to 'LAN'. Enter the IP address of the computer that provides the desired service.
  7. Click 'Update'.
    The Add Network Access Rule screen of a SonicWall firewall.

Step 2 for LinkSys-brand firewalls

  1. Click the 'Applications & Gaming' tab.
  2. In the 'Application' field, type the name of the service (ie: AFP). If you do not know the official name, you can create your own name.
  3. In the 'Start' field, type the port number (ie: 548).
  4. In the 'IP Address' field, type the IP address of the computer that provides the desired service.
  5. Check 'Enabled'.
  6. Scroll down and click the 'Update' or 'Apply' or 'Save' button.
    The Applications and Gaming screen of a LinkSys firewall.

©2007 Diocese of Saint Cloud. All rights reserved.
Last modified March 22, 2007. Created and maintained by DM.