Discover ports and protocols to create custom rules

Follow this procedure if you want to create custom rules but do not know the applications' ports and protocols. In this procedure, you create custom applications using both the TCP and UDP protocols and ports 1-65534 to allow communications on all ports. You can then examine the log to determine which ports and protocols are actually used.

  1. On the firewall's web UI, navigate to Configuration > Applications and select Add new application.
  2. Create a new application called "test TCP ports" that uses the TCP protocol and ports 1-65534. Select Use for inbound connections and Use for outbound connections, then click Apply.
  3. Select Add new application again and create a new application called "test UDP ports" that uses the UDP protocol and ports 1-65534. Select Use for inbound connections and Use for outbound connections, then click Apply.
  4. Navigate to the Protection tab > Inbound or outbound connections page and create a TCP and a UDP rule between the computers that will be communicating using these applications.
    If you are unsure if the application needs an outbound or inbound rule, create both and use the information in the log to determine the proper direction.
  5. Enable logging on the newly created rules.
    Note: If other rules are enabled between these computers, disable logging on these rules so this is the only rule that is creating log entries for these computers.

  6. Run the applications on both computers using the application's full functionality. Allow the applications to run long enough to create sufficient log entries.
  7. Find the logs on the syslog server and search for all of the log entries matching the IP addresses of the computers that use the applications you just created. Find the applications' ports and protocols in the log.
  8. Document the ports and protocols on the Worksheet for custom applications.
  9. Delete and disconnect the test rules.
  10. Now that you know the ports and protocols, go to Configuration > Applications and add the custom applications. Then go to Protection > Inbound and Outbound connections to add the rules for the custom applications.
    Be sure to enable logging on the rules.
    Note: As you create each rule, ensure that the applications are communicating properly. Since these rules were not pre-tested, exercise the applications to ensure they are communicating and working properly.
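
The log search in step 7 can be scripted on the syslog server. The following is an added example, not part of the Emerson documentation: it tallies protocol, initiator, responder and destination port for entries between the two computers. The key=value log layout, the field names (proto, src, dst, dpt), the IP addresses and the sample lines are all constructed assumptions, so adapt the parsing to the format your syslog server actually stores.

```python
import re
from collections import Counter

# Constructed sample lines in a generic key=value layout (assumption). The
# firewall's real syslog format is not shown on this page; adapt FIELD_RE and
# the field names (proto, src, dst, dpt) to what your syslog server stores.
SAMPLE_LOG = """\
Mar  3 10:15:01 fw01 fw: rule="test TCP ports" proto=TCP src=10.4.0.21 spt=49152 dst=10.4.0.30 dpt=502
Mar  3 10:15:04 fw01 fw: rule="test TCP ports" proto=TCP src=10.4.0.21 spt=49153 dst=10.4.0.30 dpt=502
Mar  3 10:15:09 fw01 fw: rule="test UDP ports" proto=UDP src=10.4.0.30 spt=40001 dst=10.4.0.21 dpt=18507
Mar  3 10:15:12 fw01 fw: rule="other" proto=TCP src=10.4.0.99 spt=50000 dst=10.4.0.30 dpt=443
Mar  3 10:15:15 fw01 fw: rule="test TCP ports" proto=TCP src=10.4.0.21 spt=49160 dst=10.4.0.30 dpt=4840
Mar  3 10:15:20 fw01 fw: link state change on eth1
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = {"proto", "src", "dst", "dpt"}


def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def summarize(log_text, host_a, host_b):
    """Count (protocol, initiator, responder, destination port) for log
    entries between the two hosts only."""
    pair = {host_a, host_b}
    seen = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not REQUIRED <= fields.keys():
            continue  # not a connection entry
        if {fields["src"], fields["dst"]} != pair:
            continue  # traffic involving some other computer
        if not fields["dpt"].isdigit():
            continue  # malformed port value
        seen[(fields["proto"].upper(), fields["src"], fields["dst"],
              int(fields["dpt"]))] += 1
    return seen


def worksheet_rows(seen):
    """Rows to copy onto the worksheet, most frequently seen first."""
    return [f"{proto:<4} {src} -> {dst} port {port} ({hits} entries)"
            for (proto, src, dst, port), hits in seen.most_common()]


if __name__ == "__main__":
    for row in worksheet_rows(summarize(SAMPLE_LOG, "10.4.0.21", "10.4.0.30")):
        print(row)
```

The initiator column shows which computer opens each connection, which is the information needed to choose between an inbound and an outbound rule. This assumes the firewall writes one entry per new connection; if reply traffic is also logged, ignore rows whose destination port is a client's temporary source port.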