Community
User Guides
Support
Community
Help Forums
English Forum
General
About our Community
General Discussion
News and Feedback
Products
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Beta programs
Feature Requests
Finnish Forum (Tukifoorumi)
Tuotteet Kotiin
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Muut tietoturvatuotteet
Support Articles
Language
English
Suomi
Deutsch
Français
日本語
Svenska
Dansk
Italiano
Nederlands
Norsk
Polski
中文 (繁體)
Products & Services
F-Secure TOTAL
F-Secure SAFE / Internet Security / Anti-Virus
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Common topics
User Guides
Support
Login
|
Register
How to create a custom F-Secure PSB Computer Protection profile to allow VPN traffic through the firewall? Which ports to open? - F-Secure Community
<main> <article class="userContent"> <h3 data-version="14" data-article="000002583" data-id="issue">Issue:</h3> <p></p><ul><li>After installing Computer Protection, VPN connection stopped working and is blocked by the firewall feature.</li><li>How to create a custom PSB Computer Protection profile to allow the VPN connection?</li><li>Which ports need to be opened to allow PPTP, L2TP and IPSec VPN connection through the firewall?</li></ul><h3 data-id="resolution">Resolution:</h3> <p>In this case you have to start by creating a custom profile which can be edited.<br><br><b>Creating a custom profile:</b><br></p><ol><li>Log in to the PSB Portal</li><li>Go to the <b>Profiles </b>page</li><li>Select <b>Computer Protection</b></li><li>Select the circular symbol with three dots in the middle next to the profile you want to clone</li><li>Press on <b>clone profile</b></li><li>Enter a name and label of the new custom profile</li></ol> After creating a custom profile for Computer Protection, you can start creating new firewall rules.<br><br><b>Creating a new VPN firewall rule:</b> <ol><li>Select the profile you want to use</li><li>Select <b>Firewall</b></li><li>Go to <b>Firewall rules</b> and select <b>add rule</b></li><li>Enter a name and description of the rule, e.g Allow VPN</li></ol> The ports and protocols that need to be allowed vary between each VPN connection type. Verify with your VPN provider the type of VPN connection you are using. <br><br><u>To allow common PPTP VPN traffic:</u> <ul><li>Allow PPTP tunnel maintenance traffic, open outbound TCP port 1723</li><li>Allow PPTP tunneled data to pass through router, open outbound protocol 47 (GRE)</li></ul><u>To allow common IPSec VPN traffic:</u> <ul><li>Allow Internet Key Exchange (IKE), open UDP port 500 inbound and outbound</li><li>Allow IPSec Network Address Translation (NAT-T), open UDP port 4500 inbound and outbound</li><li>Allow Encapsulation Security Payload protocol (ESP), open protocol 50 inbound and outbound</li><li>Allow Authentication Header protocol (AH), open protocol 51 inbound and outbound</li></ul> If IPSec IKEv2 VPN connection is not working after creating the above firewall rules, enable <b>Allow unknown outbound connections </b>from the profile and see if it helps. By default Windows firewall has unknown outbound connections allowed, while the F-Secure firewall profile will block them. <br><br><u>To allow common L2TP VPN traffic: </u> <ul><li>Allow L2TP traffic, open UDP port 1701 inbound and outbound</li><li>Allow protocol 115 inbound and outbound</li></ul> Once the firewall rules have been created, the profile needs to be assigned to the target devices. <br><br><b>Assigning a profile:</b> <ol><li>Go to the <b>Devices </b>page</li><li>Choose the device(s) to which you want to assign a profile to</li><li>Click on <b>Assign </b>> <b>Assign profile</b> </li><li>Select the profile with the VPN firewall rules and click <b>Assign</b></li></ol><p>Article no: 000002583</p> </article> </main>