Help with Smart Firewall, Advanced Settings, General Rules

After reading the forums and searching the web for information, I have a few questions about configuring NIS 2009 to work with the Nortel VPN client.

 

NIS 2009 required one Smart Firewall, Advanced Setting, General Rule as follows:

Action:          to and from
Computers:       only VPN client destination IP address
Communication:   allow TCP and UDP
                 All types of communication (all ports, local and remote)
Tracking:        Create an event log entry
Description:     Nortel VPN

 

This was the last general rule, I did not change its position in the list.

 

Observations and Questions:

Adding the rule generated event log entries showing when access is granted to specific ports. Before adding the rule, there were no events showing when access was blocked. I expected to have to move this rule up the list in order to allow access before another rule blocked access. What was blocking the access, and how do I enable event logging for blocked events?

 

Rather than one general rule allowing communication to and from my computer to the VPN client destination IP address, I want two rules, one for each direction, that only open the specific ports required for that direction. The history shows inbound 1193 UDP, outbound 500 UDP and outbound 10000 UDP. Does anyone have a specific port list for the Nortel VPN client?

  

Thanks.


JJF3 wrote:

 

What was blocking the access and how do I enable event logging for blocked events?


I searched the forums, and other threads have reported the same observation. Before creating any rules, trust control entries, etc., when using the Nortel VPN client, the Security History shows no blocked events. After creating a rule, the Security History shows allowed events.

 

NIS 2009 is blocking something but is not creating an event log entry for it. How do I enable event logging for whatever Norton is blocking? It's hard to create a specific rule to allow something if you can't first see what is blocked. Thanks.

Message Edited by JJF3 on 05-07-2009 01:53 PM


Sorry, I posted a link to some VPN info on the other post.


delphinium wrote:
Sorry, I posted a link to some VPN info on the other post.

Yes, you posted some information, some very good information, but you did not answer the specific question that I have now asked twice.

 

Without the rule, VPN does not work and nothing gets logged about ports being blocked. With the rule, VPN works, with lots and lots of entries about ports being allowed.

 

What is blocking the ports and how do I enable logging?

 

Sorry, missed that question. It is quite confusing working on much the same issue in two places. When you go into your rule, the tab that says Tracking will allow you to check the option to create a log event. If you read through the other rules you may find that tracking shows as an option for some but not others. If you can modify it, you can require a log event.

See if this is helpful as well.  Yogesh Mohan provided this information for a similar issue.


Please check whether the VPN client (Nortel client) is listed under the Program Rules and make sure that it is allowed. If not, try to add the executables for your Nortel VPN client and allow the access. You can also try to create a general rule to allow the connection:

 

1. Start Norton Internet Security.
2. In the Internet pane, click Settings.
3. Under Smart Firewall, click Configure next to Advanced Settings.
4. Under Advanced Settings, click Configure next to General Rules.
5. Click Add.
6. In the Add Rule wizard, select Allow, and then click Next.
7. Select Connections to and from other computers, and then click Next.
8. Select Only the computers and sites listed below, and then click Add.
9. Select Individually, enter the Web site name to which the VPN client connects, and then click OK.
10. Click Next.
11. Select Only communications that match all types and ports listed below, and then click Add.
12. Select Individually specified ports, enter the port number which is required to be open (Port number: 3389), and click OK.
13. Click Next.
14. If you want the logs for this rule to be saved, check Create an event log entry, and then click Next.
15. In the "What do you want to call this rule?" box, type a name for the rule, and then click Next.
16. Click Finish.
17. Click Move Up to move the rule to the top, and make it a higher priority.
18. Click OK, and again click OK.
19. Click OK.



delphinium wrote:

 

11. Select Only communications that match all types and ports listed below, and then click Add.

12. Select Individually specified ports, enter the port number which is required to be open (Port number: 3389), and click OK.




Thanks for the help, but I am obviously not explaining my problem correctly.

 

Trial #1

  1. Start with a clean, virgin install of Norton NIS 2009 with all LiveUpdates applied and no user-defined firewall rules or trust control entries. Basic vanilla, out-of-the-box NIS 2009.
  2. Clear the Security History.
  3. Start the Nortel VPN Client; it tries to start, then loses the connection.
  4. Check the Security History and find no information about anything being blocked.

Trial #2

  1. Start with a clean, virgin install of Norton NIS 2009 with all LiveUpdates applied and no user-defined firewall rules or trust control entries. Basic vanilla, out-of-the-box NIS 2009.
  2. Create the General Rule as shown in the original post.
  3. Clear the Security History.
  4. Start the Nortel VPN Client; it tries to start, then establishes the connection.
  5. Check the Security History and find information about communication being allowed, because the new rule has tracking enabled.
  6. Clear the Security History.
  7. Edit every General Rule that "blocks"; if tracking is not enabled, enable it.
  8. Disable the new rule for Nortel VPN.
  9. Start Nortel VPN; it tries to start, then fails to establish a connection.
  10. Check the Security History and find nothing about ports being blocked.
 

I can get the VPN to work by using a general rule or by using a Trust Level entry, but in both cases I cannot determine what specifically is being blocked that prevents the VPN from establishing a connection.

 

In order to open specific ports, it would be helpful to know what specific ports are being blocked when the VPN fails to establish a connection. Is there something else that needs to be enabled to provide additional tracking?

 

You could leave the rule you created on as well, to see if the tracking on that rule provides the needed information. It is not only the blocked rule that you want; you also need the "allowed" information.

 

Failing that, this post by JlatinoO provides information on how to build a Monitor rule that will provide connection information, because it makes everything log, including the rules that aren't necessarily visible.


You can enable logging of every connection by creating a Monitor rule like this:

1) Open Settings and go to the "Internet Settings" section.
2) Find "Advanced Settings" under the "Smart Firewall" section. Click Configure next to this item.
3) Click "Configure" next to the "General Rules" section.
4) Click the "Add" button. This will open the wizard to create a rule.
5) Select the "Monitor" radio button in the first panel, then click Next.
6) Depending on what you want to track, you can choose the "to", "from" or "to and from" options. Click Next.
7) On the next panel you can select sites to monitor. I think you'll want to use the default, "Any computer". Click Next.
8) Select the communication protocol you want to monitor. If you want to monitor everything, select "All" from the menu and leave the radio button set to "All types of communication". If you only want to monitor web traffic, select "TCP" and select ports 80 and 443. Click Next.
9) Make sure "Create an event log entry" is checked. Click Next.
10) Name your rule, then click Next and Finish.

 

I mentioned how you can configure this rule for monitoring web connections in step 8. However, if your intention is to only monitor web traffic from known programs like Internet Explorer and/or the Firefox web browser, you will be better off modifying the program rules for those specific programs as follows:

 

1) Under the "Smart Firewall" settings section, find "Program Control" and click "Configure".
2) Find the program that you want to monitor in the list. Click it so that it's selected.
3) Click the "Modify" button to open the rule list for that program.
4) Click the "Add" button.
5) Add a Monitor rule as described above.


If that does not do the job, I will get one of the other Gurus to give us a hand with some diagnostic programs, or one of the Symantec employees may also become available.

 

Are you connected to your ISP by a NAT router?
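A Monitor rule on "Any computer" and "All types of communication" produces the flood of entries the thread predicts, and the question the poster actually wants answered is which distinct (direction, protocol, port) flows to the VPN gateway are in that flood. The script below is an added example, not part of this thread or of Norton's product: it reduces a monitor log to one candidate allow rule per direction, which is exactly the two-rule split the original post asked for. The log layout it parses ("timestamp direction protocol local[:port] remote[:port] action") is an assumed, simplified format, not Norton's real Security History export; the log lines, the gateway address 203.0.113.5 and the local address 192.168.1.10 are constructed (documentation-range addresses), chosen to match the ports the thread reports (outbound UDP 500 and 10000, inbound UDP 1193). An ESP line is included because Dbrisendine's remark that Nortel is "more a matter of protocols than of ports" means a port-only rule can miss a port-less protocol, and the summary reports those separately.

```python
"""
Collapse firewall Monitor-rule log entries into per-direction port lists,
then propose one allow rule per direction for the VPN gateway.

Added example; the log format is ASSUMED (simplified), not Norton's own
Security History export.  Adjust LINE_RE to the columns your export has.
"""
import re
from collections import Counter, defaultdict

# Assumed layout: "YYYY-MM-DD HH:MM:SS direction proto local[:port] remote[:port] action"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+"
    r"(?P<direction>inbound|outbound)\s+"
    r"(?P<proto>[A-Za-z0-9]+)\s+"
    r"(?P<lip>[\d.]+)(?::(?P<lport>\d+))?\s+"
    r"(?P<rip>[\d.]+)(?::(?P<rport>\d+))?\s+"
    r"(?P<action>\w+)\s*$"
)

# Constructed sample log (documentation IP ranges; NOT a real capture).
SAMPLE_LOG = """\
2009-05-07 13:50:01 outbound UDP 192.168.1.10:500 203.0.113.5:500 monitored
2009-05-07 13:50:02 outbound UDP 192.168.1.10:10000 203.0.113.5:10000 monitored
2009-05-07 13:50:02 inbound  UDP 192.168.1.10:1193 203.0.113.5:10000 monitored
2009-05-07 13:50:02 outbound UDP 192.168.1.10:10000 203.0.113.5:10000 monitored
2009-05-07 13:50:03 outbound ESP 192.168.1.10 203.0.113.5 monitored
2009-05-07 13:50:04 outbound TCP 192.168.1.10:51234 198.51.100.7:80 monitored
"""

GATEWAY_IP = "203.0.113.5"  # assumed VPN client destination address


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["proto"] = rec["proto"].upper()
    rec["lport"] = int(rec["lport"]) if rec["lport"] else None
    rec["rport"] = int(rec["rport"]) if rec["rport"] else None
    return rec


def summarise(log_text, gateway_ip):
    """
    Reduce many monitor entries to the distinct flows involving gateway_ip.
    Inbound: the port that matters is the LOCAL (listening) port.
    Outbound: the port that matters is the REMOTE (service) port.
    Port-less protocols such as ESP cannot be expressed as a port rule and
    are collected separately so they are not silently lost.
    """
    ports = {"inbound": defaultdict(set), "outbound": defaultdict(set)}
    portless = set()
    other_hosts = Counter()
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # keep count so a format mismatch is visible
            continue
        if rec["rip"] != gateway_ip:
            other_hosts[rec["rip"]] += 1   # noise from unrelated traffic
            continue
        port = rec["lport"] if rec["direction"] == "inbound" else rec["rport"]
        if port is None:
            portless.add(rec["proto"])
        else:
            ports[rec["direction"]][rec["proto"]].add(port)
    return {
        "ports": {d: {p: sorted(v) for p, v in m.items()} for d, m in ports.items()},
        "portless_protocols": sorted(portless),
        "other_hosts": dict(other_hosts),
        "unparsed": unparsed,
    }


def propose_rules(summary, gateway_ip):
    """One narrow allow rule per direction and protocol, in the thread's own fields."""
    rules = []
    for direction in ("outbound", "inbound"):
        for proto, plist in sorted(summary["ports"][direction].items()):
            rules.append({
                "action": "allow", "direction": direction, "computers": gateway_ip,
                "protocol": proto, "ports": plist, "tracking": True,
                "description": f"Nortel VPN {direction} {proto}",
            })
    return rules


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG, GATEWAY_IP)
    for r in propose_rules(s, GATEWAY_IP):
        print(r)
    if s["portless_protocols"]:
        print("port-less protocols seen (need a protocol rule, not a port rule):",
              s["portless_protocols"])
```

Run it against a Security History export after adjusting the regex to the real column layout; the two dictionaries it prints are the "Communication" and "Computers" fields of the two rules, and anything listed under port-less protocols is the part that no port list will cover.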

JJF3,

 

You still here?  Or are you looking at hundreds of log entries?

JJF3,

 

Can you update us on the progress of this issue, please?  Did you get a satisfactory network yet?

I get up at about 4am for work.  I did not work on this last night and did not find the monitoring posts until now.  I am now just getting back to this project.  I expect to be seeing millions of monitoring messages in the next hour.  I will let you know what I find.  Thanks.

Hi JJF3:

 

I requested assistance from Dbrisendine on your issue.  He did advise that with Nortel, it is more a matter of protocols than of ports.  He will be in and out during the day and will check in with you when he can.  

Lots and lots of monitor messages.

 

Making a long story, very short . . .  I work remotely from home.  About half of our team will be losing our jobs to offshore resources in the coming months.  These new resources were all supplied with brand new laptops with 3 GB of memory while my old company supplied desktop comes with 256 MB of memory.  I tend to use my personal computers for work because they are much better than the company supplied computer.

 

I used to have my company-supplied computer running the Nortel VPN client with corporate McAfee. In addition I had a standalone Cisco VPN client computer, a standalone Nortel VPN client computer, a computer used as a file server and my personal laptop.

 

I gave away the standalone VPN client computers to a friend who wanted/needed computers for their kids. I jokingly said that if they ever got rid of them I would like to get them back, because I wanted the neon round IDE and floppy cables from them. The kids tried to run the latest video and gaming software and crashed and trashed the computers. So mom and dad are getting their twins brand new computers. I will have the computers back in a week or two and will reinstall the old Ghost images and be back to work. I am content to use a moderate lockdown with either a General Rule or a Trust Level entry. If something happens, then I will restore a Ghost image. There is nothing I "need" to protect on the standalone computers other than keeping Norton NIS current so they are not the vulnerable computer on my home network.

 

What I was trying to do is lock down the firewall on my file server so I could run the VPN client and have complete and total confidence that corporate IT wasn't going to be able to remotely monitor, scan, download and install software, etc., because I didn't want them messing with almost 1 TB of personal file storage.

 

The other "problem" I have, which is extremely subjective, is whether or not NIS 2009 on my laptop is causing what appears to be a major drop in performance on the Virtual PC machines that I run from my laptop. It is on the to-do list to upgrade from 2 GB to 4 GB of memory. I will defer any further investigation until I upgrade the memory. FYI: 2 virtual machines for, you guessed it, 2 VPN clients!

 

Thanks for all your help.  If I get a vote, I would have Norton include rules for all monitoring but leave them unchecked so if or when someone needs them they can just go in and check them.

Sounds interesting.  Let us know how this turns out for you.  I too have about 13 years with using Nortel / MCI / Verizon / ‘name your flavor this month’ corporate VPN software.  If you need any help, please post back and / or PM me by clicking on my name to the left.