How to add ports and applications to Windows firewall

Windows Vista / 7 / 8 / 2008 Server

Go to Control Panel, open Windows Firewall, then choose Advanced Settings. This brings up the Windows Firewall with Advanced Security window.

Now click on Inbound / Outbound Rules and select ‘New Rule’. In this example a new inbound rule is being created; outbound rules are created in the same manner, just specifying outbound instead of inbound. You can base the rule on a Program or a Port. This example creates a Program rule; a Port rule example is shown at the bottom. Click Next to continue.

This is where you specify where the program (its .exe) is located. That program will be given access to run on any port (TCP/UDP) on the system. This is a broader approach; if an organization needs more granular security, port-based rules or a combination of program and ports (using the Custom rule type) is recommended. Once you have browsed to the program location and added the .exe, click Next.

Here you set up the network location that the rule will apply to. If you are in a domain and security is not restricted by the administrator, you would select Domain. If you are in a workgroup environment, you would select Private. The Public location applies to public networks and isn’t advised when using Windows Firewall with ImageQuest due to security concerns.

The final screen allows you to name the rule, as it will be placed in the rules section along with the other default rules. A descriptive name is advised so you know what the rule refers to. Click ‘Finish’ and the rule will be added to the rules list.

Port-Based Configuration
Using ports is more granular than a program-based rule because you are allowing specific ports, but these ports WILL NOT be exclusive to Image Quest. If you require the most secure environment possible with Windows Firewall, you will need to create a ‘Custom’ rule and add the program AND ports for the Iqclient / Server. If you require this configuration, please review the Microsoft Article here.

To configure ports, run the wizard as you would for program-level configuration, but choose Port in the ‘Rule Type’ section.

This is where you will add the ports necessary to run Image Quest. The required ports are TCP 32751, TCP 33176, and UDP 2112. TCP port 1433 is highlighted in the example because, although it is not a port required to run Image Quest itself, it is the port that is configured for the SQL server, and Image Quest (client and server) needs access to the database server. If it is not added here, you can also create a separate port rule for SQL. Note that ANY service that uses a port listed in a port rule will be allowed access on that port unless you configure a custom rule. The rest of the configuration (location and naming) is the same as for the program rule described earlier.
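
The ‘Custom’ rule described above (program AND ports together, Domain and Private locations only) can also be created from PowerShell. This is an added example, not part of the original article or the vendor's own tooling; it uses the New-NetFirewallRule cmdlet, which is available on Windows 8 / Server 2012 and later (older versions would use netsh advfirewall instead). The program path and the rule name prefix are hypothetical placeholders; the ports are the ones listed in this article.

```powershell
# Added example: inbound rules that allow the Image Quest ports ONLY for one program.
# ASSUMPTION: both parameter defaults are placeholders, not values from the article.
param(
    [string]$ProgramPath = 'C:\Path\To\ImageQuest.exe',  # hypothetical: real IQ client/server .exe
    [string]$RulePrefix  = 'ImageQuest'                  # hypothetical rule name prefix
)

# Ports from the article: TCP 32751, TCP 33176, UDP 2112.
$portSets = @(
    @{ Protocol = 'TCP'; Ports = @('32751', '33176') },
    @{ Protocol = 'UDP'; Ports = @('2112') }
)

# Refuse to create a rule for a path that does not exist.
if (-not (Test-Path -LiteralPath $ProgramPath -PathType Leaf)) {
    throw "Program not found: $ProgramPath"
}

foreach ($set in $portSets) {
    $name = "$RulePrefix inbound $($set.Protocol) $($set.Ports -join ',')"

    # Replace any earlier copy so re-running does not stack duplicate rules.
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    # Program + protocol + local ports in one rule; Public is deliberately left out.
    New-NetFirewallRule -DisplayName $name `
        -Direction Inbound -Action Allow `
        -Program $ProgramPath `
        -Protocol $set.Protocol -LocalPort $set.Ports `
        -Profile Domain, Private | Out-Null
}

# Review the result: each rule should show the program and only the expected ports.
Get-NetFirewallRule -DisplayName "$RulePrefix inbound *" | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $app  = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule     = $_.DisplayName
        Profile  = $_.Profile
        Protocol = $port.Protocol
        Ports    = $port.LocalPort -join ','
        Program  = $app.Program
    }
} | Format-Table -AutoSize
```

Run it from an elevated PowerShell session. Because each rule names both the program and the ports, other services listening on the same ports are not covered by it.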