Issue:
- After installing Elements Agent (EPP for Computers or for Servers), the VPN connection stops working and is blocked by the firewall feature.
- How to create a custom Elements Endpoint Protection profile to allow the VPN connection?
- Which ports need to be opened to allow PPTP, L2TP and IPSec VPN connections through the firewall?
Resolution:
In this case you have to start by creating a custom profile which can be edited.
Creating a custom profile:
- Log in to the Endpoint Protection Portal
- Go to the Profiles page
- Select the circular symbol with three dots in the middle next to the profile you want to clone
- Press on clone profile
- Enter a name and label of the new custom profile
Creating a new VPN firewall rule:
- Select the profile you want to use
- Select Firewall
- Go to Firewall rules and select add rule
- Enter a name and description of the rule, e.g. Allow VPN
To allow common PPTP VPN traffic:
- Allow PPTP tunnel maintenance traffic, open outbound TCP port 1723
- Allow PPTP tunneled data to pass through the router, open outbound protocol 47 (GRE)
- Allow Internet Key Exchange (IKE), open UDP port 500 inbound and outbound
- Allow IPSec Network Address Translation Traversal (NAT-T), open UDP port 4500 inbound and outbound
- Allow Encapsulating Security Payload protocol (ESP), open protocol 50 inbound and outbound
- Allow Authentication Header protocol (AH), open protocol 51 inbound and outbound
To allow common L2TP VPN traffic:
- Allow L2TP traffic, open UDP port 1701 inbound and outbound
- Allow protocol 115 inbound and outbound
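Added example (not part of the original article or of the product): a small Python check that compares a list of firewall rules against the flows in the two lists above and reports which ones are still missing. The rule dictionaries are a hypothetical model typed in by hand, not a portal export format, and rule ordering or deny precedence is not modelled.

```python
# Added example: checks a rule list against the flows listed in this article.
# The rule dictionaries are a hypothetical model, not a portal export format.
TCP, UDP, GRE, ESP, AH, L2TP = 6, 17, 47, 50, 51, 115  # IP protocol numbers

def both(proto, port=None):
    """Expand 'inbound and outbound' into two required flows."""
    return [(proto, port, "inbound"), (proto, port, "outbound")]

# Required flows, grouped exactly as in the two lists above.
REQUIRED = {
    "pptp": [(TCP, 1723, "outbound"), (GRE, None, "outbound")]
            + both(UDP, 500) + both(UDP, 4500) + both(ESP) + both(AH),
    "l2tp": both(UDP, 1701) + both(L2TP),
}

def covers(rule, flow):
    """True if one allow rule permits the given (protocol, port, direction)."""
    proto, port, direction = flow
    if rule["action"] != "allow" or rule["protocol"] != proto:
        return False
    if rule["direction"] not in (direction, "both"):
        return False
    ports = rule.get("ports")           # (low, high), or None for "any port"
    if port is None or ports is None:
        return True
    return ports[0] <= port <= ports[1]

def missing_flows(rules, vpn_list):
    """Return the required flows that no allow rule in `rules` covers."""
    return [f for f in REQUIRED[vpn_list]
            if not any(covers(r, f) for r in rules)]

# Constructed sample: NAT-T was opened outbound only and AH was forgotten.
SAMPLE_RULES = [
    {"action": "allow", "protocol": TCP, "ports": (1723, 1723), "direction": "outbound"},
    {"action": "allow", "protocol": GRE, "direction": "outbound"},
    {"action": "allow", "protocol": UDP, "ports": (500, 500), "direction": "both"},
    {"action": "allow", "protocol": UDP, "ports": (4500, 4500), "direction": "outbound"},
    {"action": "allow", "protocol": ESP, "direction": "both"},
]

if __name__ == "__main__":
    for proto, port, direction in missing_flows(SAMPLE_RULES, "pptp"):
        print(f"missing: protocol {proto}, port {port}, {direction}")
```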
Assigning a profile:
- Go to the Devices page
- Choose the device(s) to which you want to assign a profile
- Click on Assign > Assign profile
- Select the profile with the VPN firewall rules and click Assign
Article no: 000002583