Attachmate Worldwide  |   Contact Us  |   NetIQ.com
Home » Support » Solution Library

Technical Notes

Verastream Host Integrator and the Microsoft Windows Firewall (Included in XP Service Pack 2)
Technical Note 10033
Last Reviewed 12-Aug-2004
Applies To
Verastream Host Integrator
Summary

Windows XP Service Pack 2 (SP2) includes a new Windows Firewall. In prior releases, this feature was known as the Internet Connection Firewall (ICF) and was disabled by default. Starting with the SP2 release, during installation the firewall is automatically enabled on all network connections and is configured to block all unsolicited incoming traffic. This note describes how the Windows Firewall interacts with Verastream Host Integrator.

About the Windows Firewall

The Windows Firewall is a stateful host firewall that runs in Windows XP and blocks all unsolicited incoming traffic, unless configured to permit the traffic. Outgoing traffic and traffic internal to the Windows XP machine is not blocked by the firewall.

Verastream Host Integrator and the Windows Firewall

Attachmate has tested the current Verastream Host Integrator product with the Microsoft Windows Firewall. The following sections detail instances where you must configure the Windows Firewall to permit Verastream traffic.

For information about the current version of Verastream, see the Attachmate Product Support Lifecycle at http://support.attachmate.com/programs/lifecycle/version-status.html?verastream.

Configuring the Windows Firewall to Permit Verastream Traffic

If all Verastream components are installed and run on the same Windows XP SP2-based machine (as in a typical Verastream Development Kit installation), there should be no need to configure the Windows Firewall, since all Verastream traffic is local to the Windows XP machine. However, if the Verastream components are installed on different machines, you must configure the Windows Firewall to permit unsolicited incoming Verastream traffic. If attempts are made to access Verastream before the necessary port(s) have been opened, the attempt will fail (with or without an error, depending on the type of communication being attempted).

The following table shows the most commonly-used Verastream components, the default port numbers on which each component receives unsolicited incoming Verastream traffic, and where the communication is coming from. If you are using other features, such as Web Builder, event handlers, or Host Emulator, you may need to configure additional ports. For more details about ports used by Verastream Host Integrator, see Technical Note 40012.

Verastream component
Receives unsolicited incoming traffic on port number
From
AADS
9641
Client (connector), Administrative WebStation, AADS peers (replication), Session Server (to register or unregister), activatemodel and deactivatemodel (deployment tools)
Log Manager
9640
AADS, VHI Session Servers, Administrative WebStation Log Viewer (queries), standalone Log Viewer (queries)
Session Server (including domain server functionality)
9623
Client (connector), other Session Servers, AADS, Administrative WebStation, activatemodel and deactivatemodel (deployment tools)
Administrative WebStation console
9642
Web browser

Note: You must be a member of the Window's Local Administrative group to configure the firewall. The firewall can be configured using Group Policies or scripting. For more information about these deployment options, see "Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2" on the Microsoft web site at

http://www.microsoft.com/downloads/details.aspx?FamilyID=4454e0e1-61fa-447a-bdcd-499f73a637d1&DisplayLang=en

Adding Verastream to the Windows Firewall Exceptions List

Follow the steps below to open a port for external access to the Verastream components.

  1. From the Control Panel, click Security Center > Windows Firewall.
  2. On the Exceptions tab, click Add Port.
Figure 1 - The Windows Firewall Exceptions List (Default) Figure 1 - The Windows Firewall Exceptions List (Default)
  1. Enter a name (such as Verastream Session Server) and the Verastream Host Integrator port number.
  2. If you want to restrict the IP address or network scope of access to the port, click Change scope, enter the information appropriate to your environment, and then click OK.
  3. Repeat steps 3 and 4 for each additional Verastream port being used in your environment.
  4. Click OK.

For further information about manually adding application or port exceptions to the Windows Firewall, see Manually Configuring Windows Firewall in Windows XP Service Pack 2 on the Microsoft web site at

http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx

Troubleshooting the Microsoft Firewall

For information about troubleshooting the Microsoft Firewall, see "Troubleshooting Windows Firewall in Microsoft Windows XP Service Pack 2" on Microsoft's web site at

http://www.microsoft.com/downloads/details.aspx?familyid=a7628646-131d-4617-bf68-f0532d8db131&displaylang=en

Related Technical Notes
1981 Attachmate Products and Microsoft Windows XP Service Pack 2
10035 Verastream Integration Broker and the Microsoft Windows Firewall (Included in XP Service Pack 2)
40012 Ports Used by Verastream Host Integrator
40999 Verastream Host Integrator Technical Notes

Did this technical note answer your question?

Yes    No    Somewhat     Not sure yet

Additional comments about this tech note:

Need further help? For technical support, please contact Support.