Internet2 Detective and Firewalls

Default settings on personal firewalls may block some of Internet2 Detective's functions. As a convenience, this page provides guidance for configuring several different firewalls so that they will allow the Internet2 Detective to work.

ZoneAlarm
Kerio
Windows XP Firewall

If you have any questions, please consult your organization's IT support staff, or the company that produces the firewall you are using. If you would like to provide instructions for configuring other personal firewalls, you are encouraged to submit them for inclusion here.

Additional Technical Information about the Internet2 Detective is also available.

ZoneAlarm

http://www.zonelabs.com/

Setup ZoneAlarm Standard Edition

Under Firewall on the left menu, make sure that the Internet Zone and Trusted Zone security sliders are no higher than medium.

Setup ZoneAlarm Pro Edition

Under Firewall on the left menu, click the "Main" tab, and make sure that the Internet Zone and Trusted Zone security sliders are no higher than medium.

Alerts

Each time the Internet2 Detective is run (unless you check the "Remember this answer the next time I use this program" box) you will receive the following prompts:

  1. (New Program) Do you want to allow I2Tray.exe to access the local network?
  2. (Repeat Program) Do you want to allow I2Tray.exe to access the internet?
  3. (Server Program) Do you want to allow I2Tray.exe to accept connections from the Internet?

Click "Yes" for all of these.  It's possible that the Abilene test will come up negative the very first time; ignore this and click the Test button, and it should work fine (as long as the above directions were followed).

When you click "Test" for bandwidth, you COULD get the following prompts:

  1. (New/Repeat Program) Do you want to allow iperf.exe to access the local network?
  2. (Repeat Program) Do you want to allow iperf.exe to access the Internet?

Click "Yes" for both of these.  It is recommended that you check the "Remember this answer the next time I use this program" box.  This is because the bandwidth test relies on a manual timer, and will time out if the "Yes" buttons of the prompts are not clicked promptly enough.

During peer-to-peer network testing, you COULD get the following prompts:

  1. (Server Program) Do you want to allow iperf.exe to act as a server?
  2. (Repeat Program) Do you want to allow iperf.exe to access the Internet?

These will not appear if you already checked the "Remember this answer the next time" box, because these are iperf-related prompts, just like the bandwidth testing.  For maximum Internet2 Detective performance, it is recommended that you click the "Remember this answer for next time I use this program" box for any iperf.exe-related prompts that ZoneAlarm provides.


Kerio

http://www.kerio.com/

Setup

Please perform these instructions with the "Ask Me First" policy enabled on the Kerio firewall's tab slider under File->Admin.  Once you have run the Internet2 Detective and checked all of the "Create appropriate filter rule" boxes, and using the Internet2 Detective gives you no more prompts, you can move the Firewall tab's slider up to "Deny Unknown" and the Internet2 Detective will still function smoothly.

Alerts

When you start up the Detective the first time, you should receive two prompts:

  1. Outgoing Connection Alert
  2. Incoming Connection Alert

Select "Permit" for both, and to prevent these prompts from appearing the next time the Detective is run, select "Create appropriate filter rule and don't ask me again."

When you attempt to perform a bandwidth test, you will receive 2 to 5 prompts, consisting of:

  1. Incoming Connection Alerts
  2. Outgoing Connection Alerts

For the bandwidth test to complete successfully, you must select "Create appropriate filter rule" and "Permit" each time a prompt appears.  If you do this on the first 2, no more prompts should appear, but if you select only "Permit", up to 5 prompts will appear, and the bandwidth test will time out.

During peer-to-peer testing, you will get similar prompts if you did not already select "Create appropriate filter rule" during the bandwidth testing.  Treat this case as outlined in the bandwidth testing section.

Multicast

To enable multicast testing, click on the File Menu, then Admin, then on the Advanced button on the Firewall tab.  Find the rule named "IGMP", and check the "Permit" box at the bottom of the dialog box.  Hit "OK", then "Apply".

Windows XP Firewall

Setup

Click on the Start menu, go to Control Panel, and then to Network Connections. In the Network Connections window, double click the connection with which you would like to use the Detective and the Windows XP Firewall.

When the Connection dialog appears, click on the Properties button in the lower left corner then click the Advanced tab.  Check the box next to "Protect my computer...", and then click the Settings button in the lower right hand corner.  A dialog box titled "Advanced Settings" should appear, and the Services tab should be highlighted.

Opening Ports

To allow the Internet2 Detective to work with your Windows XP Firewall, please follow these directions:

1.  Click the Add button in the lower left corner of the Services tab box.  A dialog box titled "Service Settings" should appear.  In the first text box, enter:

Internet2 Detective Port 7777

In the second text box, enter your computer's IP address, which can be found on the main window of the Internet2 Detective.  Then, enter the number "7777" (without quotes) in both the External and Internal Port number boxes, and select "UDP".  Then hit "OK".

2.  Repeat Step 1, but replacing 7777 with 8888.

3.  Repeat Step 2, but replacing 8888 with 8889 for the applet.

4.  If you wish to use the Internet2 Detective's peer-to-peer testing component, you must open one additional port: 6666.  Open that port using the method outlined in Step 1 above, but use 6666 instead of 7777.

5.  To allow the Detective to perform Multicast testing, you must open one additional port: 56464.  Open that port using the following method: first, click the Add button just like in Step 1.  In the first text box, enter "Internet2 Detective Multicast Test".  In the second box, enter your IP address as before.  Then, for the last 2 boxes, enter "56464", and make sure that "TCP" (not "UDP") is checked.  Then hit "OK".

Your Windows XP Firewall now should be configured to handle the Internet2 Detective.
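
To confirm that only the ports from Steps 1 to 5 are open, and with the protocol each step specifies, the following added example (not part of the original Internet2 page or the Detective software) audits a list of firewall exceptions. The `name|proto|port` line format, the feature names and the sample rules are constructed for illustration.

```python
# Added example: least-privilege audit of the port openings listed on this page.
# The feature names and the "name|proto|port" input format are assumptions.

# Ports taken from Steps 1-5 of the Windows XP Firewall section.
REQUIRED = {
    "base":      {("UDP", 7777), ("UDP", 8888), ("UDP", 8889)},
    "p2p":       {("UDP", 6666)},    # Step 4: same method as Step 1, so UDP
    "multicast": {("TCP", 56464)},   # Step 5 explicitly says TCP, not UDP
}

def parse_rules(text):
    """Parse constructed 'name|proto|port' lines into a set of (proto, port)."""
    rules = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _name, proto, port = (field.strip() for field in line.split("|"))
        rules.add((proto.upper(), int(port)))
    return rules

def audit(rules, features=("base",)):
    """Compare open ports with what the selected Detective features need."""
    wanted = set().union(*(REQUIRED[f] for f in features))
    wanted_ports = {port for _, port in wanted}
    detective_ports = {port for s in REQUIRED.values() for _, port in s}
    extra = rules - wanted
    return {
        # Needed by a selected feature but not open.
        "missing": sorted(wanted - rules),
        # Right port number, wrong protocol (e.g. UDP instead of TCP in Step 5).
        "wrong_protocol": sorted(r for r in extra if r[1] in wanted_ports),
        # Detective port left open for a feature that is not in use.
        "unneeded": sorted(r for r in extra
                           if r[1] in detective_ports - wanted_ports),
    }

# Constructed sample: 8889 forgotten, multicast port opened as UDP,
# and the peer-to-peer port open although peer-to-peer testing is not used.
SAMPLE = """
Internet2 Detective Port 7777|UDP|7777
Internet2 Detective Port 8888|UDP|8888
Internet2 Detective Port 6666|UDP|6666
Internet2 Detective Multicast Test|UDP|56464
"""

if __name__ == "__main__":
    print(audit(parse_rules(SAMPLE), features=("base", "multicast")))
```

Rules for ports that do not belong to the Detective are ignored by this check; it only reports on the five ports named in the steps above.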

© 1996 - 2008 Internet2 - All rights reserved