
Computer Protection and windows ipsec vpn, connects but no data

VPY W/ Alumni Posts: 2 Security Scout



Windows' own VPN client connects fine, but there is no data transferring over it. CP's firewall blocks it.

When I disable the fw, data goes fine. If I make a transmitting rule like any, any, any, data goes fine.


I have tried to allow port UDP 500, 4500, protocol GRE, L2TP, no luck (receiving and transferring).

I tried to allow the IP range that is for the remote network and VPN adapter, no luck.


What rule do I need to add and allow to make data go to the VPN tunnel?



  • Sethu Laks
    Sethu Laks W/ Partner, W/ Staff, W/ Moderator Posts: 243 Moderator

    Hello @VPY 


    You can create a new VPN firewall rule for this. To do so, select the profile you want to use in PSB portal > select Firewall > go to Firewall Rules and select Add Rule > enter a name for the rule, i.e. allow VPN > under Action & direction, select Allow/Out.


    See below the ports that need to be opened to allow PPTP and L2TP through the firewall, and for the VPN connection to work.


     PPTP tunnel maintenance traffic, open outbound TCP 1723.
     PPTP tunneled data to pass through router, open outbound Protocol 47 (GRE)
     Internet Key Exchange (IKE), open UDP 500.
     IPSec Network Address Translation (NAT-T) open UDP 5500.
     L2TP traffic, open UDP 1701 and Protocol ID 115



  • fedool
    fedool W/ Staff, W/ Article Coordinator Posts: 162 W/ Staff

    Hello @VPY ,


    Did this information help you?

    You can also check what is blocked by the firewall using Windows Firewall's own log, or check C:\ProgramData\F-Secure\Log\Firewall\Blocks.log. We log everything blocked by the firewall there, so you can see which exact ports and protocols you need to open.


  • VPY
    VPY W/ Alumni Posts: 2 Security Scout



    Some default rule blocks traffic from the VPN private network to the VPN gateway. I put in a rule to allow traffic to that one IP and it works.


    First I had to find which profile is in use on the computer. Then I tried to make changes, but had to realize that the profile is read-only; it didn't get done at any point. I cloned the profile to a new one and then could save the changes.


This discussion has been closed.
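
The log check suggested in the thread, as an added example that is not part of the original posts: a short Python script that summarizes DROP entries in a Windows Firewall log so the blocked protocol, destination and port stand out. It assumes Windows Firewall logging of dropped packets is enabled and uses that log's W3C layout (the Blocks.log format is not shown in the thread); the sample lines and addresses are constructed, with 203.0.113.10 standing in for the VPN gateway.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log layout (pfirewall.log).
# Addresses are placeholders; 203.0.113.10 stands in for the VPN gateway.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-05-02 09:14:01 ALLOW UDP 192.0.2.25 203.0.113.10 500 500 0 - - - - - - - SEND
2024-05-02 09:14:02 ALLOW UDP 192.0.2.25 203.0.113.10 4500 4500 0 - - - - - - - SEND
2024-05-02 09:14:05 DROP TCP 10.8.0.2 203.0.113.10 49801 445 0 - 0 0 0 - - - SEND
2024-05-02 09:14:06 DROP TCP 10.8.0.2 203.0.113.10 49802 445 0 - 0 0 0 - - - SEND
2024-05-02 09:14:07 DROP ICMP 10.8.0.2 203.0.113.10 - - 0 - - - - 8 0 - SEND
2024-05-02 09:14:09 DROP UDP 192.0.2.25 198.51.100.7 5353 5353 0 - - - - - - - SEND
"""


def parse_firewall_log(text):
    """Yield one dict per entry, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # ignore truncated lines
                yield dict(zip(fields, values))


def summarize_drops(text, peer_ip=None):
    """Count DROP entries per (path, protocol, dst-ip, dst-port).

    If peer_ip is given, only entries to or from that address are counted.
    """
    counts = Counter()
    for e in parse_firewall_log(text):
        if e.get("action") != "DROP":
            continue
        if peer_ip and peer_ip not in (e.get("src-ip"), e.get("dst-ip")):
            continue
        key = (e.get("path", "-"), e.get("protocol"), e.get("dst-ip"), e.get("dst-port"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    drops = summarize_drops(SAMPLE_LOG, peer_ip="203.0.113.10")
    for (path, proto, dst, port), n in drops.most_common():
        print(f"{n:3d}x {path:8} {proto:5} -> {dst}:{port}")
```

In the constructed sample the tunnel negotiation on UDP 500 and 4500 is allowed while traffic from the VPN adapter address to the gateway is dropped, the same pattern as a tunnel that connects but passes no data.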