Firewall change process

For an incoming service (such as a port that needs to be opened from the outside world to a server) to be configured, you must provide the following information so that Richweb can execute the changes. An incoming service is defined as a traffic flow that originates from OUTSIDE the firewall and is destined for an internal server on the client network behind the firewall.

1. The internal, private IP address of the server
2. The protocol type (usually TCP or UDP; may also be GRE/PPTP and/or IPsec)
3. The port number (for TCP and UDP services)

Optional:

4. If you only want the service open to selected external IPs (which must be static, non-changing IPs or IP blocks), you can provide these as well.

Richweb will then create a NAT translation on the firewall appliance so that traffic is forwarded to the desired internal service.

Sometimes you will have a resource that needs a public IP on it (perhaps it's an SSL-protected appliance or web server) that must be reachable by internal and external clients using the same DNS name. This can happen with non-Microsoft Exchange mail servers as well. Richweb will often push or route a static IP THROUGH the firewall, configure packet inspection on the firewall, and bind the static public IP to the inside server as an alias. In this case Richweb will NOT be NATing the IP on the firewall and will NOT be forwarding any ports, but will be restricting the traffic using access control lists.

ISPs that Richweb supports will often use this pass-through configuration on Cisco PIXes, where the PIX provides the firewalling benefit without the complexity of NAT and dual DNS (inside and public IPs).
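The following is an added example, not Richweb's own tooling, that validates the information requested above (private IP, protocol, port, optional static source IPs) and renders it two ways: as the NAT translation plus forward rule described for an incoming service, and as the access-control-only form used when a public IP is routed through the firewall and bound on the server itself. The output uses iptables syntax purely for readability; Richweb's appliances are Cisco PIXes, whose configuration language differs, so treat the rendered commands as an illustration of the two designs rather than a drop-in configuration.

```python
"""Validate a firewall change request and render it as illustrative iptables rules.

Added example; not Richweb's code. The iptables syntax is an assumption for
readability, since the page's appliances are Cisco PIXes.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

# Protocol names the request can carry. PPTP is TCP/1723 plus GRE, and IPsec
# is UDP/500 (and 4500) plus ESP/AH, so those IP protocols are listed here.
ALLOWED_PROTOCOLS = {"tcp", "udp", "gre", "esp", "ah"}
PORTLESS = {"gre", "esp", "ah"}  # IP protocols that have no port number


@dataclass
class IncomingServiceRequest:
    internal_ip: str                      # private address of the server behind the firewall
    protocol: str                         # tcp, udp, gre, esp or ah
    port: Optional[int] = None            # required for tcp/udp, omitted for gre/esp/ah
    allowed_sources: List[str] = field(default_factory=list)  # static external IPs/blocks; empty = anyone


def validate(req: IncomingServiceRequest) -> List[str]:
    """Return a list of problems; an empty list means the request is complete."""
    problems = []
    try:
        if not ipaddress.ip_address(req.internal_ip).is_private:
            problems.append(f"{req.internal_ip} is not a private (RFC 1918) address")
    except ValueError:
        problems.append(f"{req.internal_ip!r} is not a valid IP address")
    proto = req.protocol.lower()
    if proto not in ALLOWED_PROTOCOLS:
        problems.append(f"unsupported protocol {req.protocol!r}")
    elif proto in PORTLESS:
        if req.port is not None:
            problems.append(f"{proto} has no port number; omit it")
    elif req.port is None or not 1 <= req.port <= 65535:
        problems.append("tcp/udp services need a port number in 1..65535")
    for src in req.allowed_sources:
        try:
            ipaddress.ip_network(src, strict=False)  # accepts single IPs and CIDR blocks
        except ValueError:
            problems.append(f"bad source address or block {src!r}")
    return problems


def render_rules(req: IncomingServiceRequest, public_ip: str,
                 wan_if: str = "eth0", passthrough: bool = False) -> List[str]:
    """Render the change as iptables commands (illustrative syntax, see module docstring).

    passthrough=False: NAT the public IP to the internal server and permit the forwarded flow.
    passthrough=True : the public IP is routed through and bound on the server itself, so
                       only an access-control rule is emitted and nothing is translated.
    One rule pair is emitted per allowed source; no sources means open to anyone.
    """
    proto = req.protocol.lower()
    port_match = "" if proto in PORTLESS else f" --dport {req.port}"
    dest_ip = public_ip if passthrough else req.internal_ip
    rules = []
    for src in req.allowed_sources or [None]:
        src_match = f" -s {src}" if src else ""
        if not passthrough:
            target = req.internal_ip if proto in PORTLESS else f"{req.internal_ip}:{req.port}"
            rules.append(
                f"iptables -t nat -A PREROUTING -i {wan_if} -d {public_ip}{src_match} "
                f"-p {proto}{port_match} -j DNAT --to-destination {target}"
            )
        rules.append(
            f"iptables -A FORWARD -i {wan_if} -d {dest_ip}{src_match} "
            f"-p {proto}{port_match} -j ACCEPT"
        )
    return rules


if __name__ == "__main__":
    # Constructed sample request: HTTPS to an internal host, limited to one vendor block.
    sample = IncomingServiceRequest("192.168.1.10", "tcp", 443, ["203.0.113.0/24"])
    print("problems:", validate(sample))
    print("\n".join(render_rules(sample, "198.51.100.5")))
    print("\n".join(render_rules(sample, "198.51.100.5", passthrough=True)))
```

The validation step is where most change requests fail in practice: a port supplied for GRE, a public address given as the "internal" IP, or a dynamic source address offered for the restriction list, and catching those before the change is executed avoids a rule that silently never matches.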

For OUTGOING services the basic outbound NAT configuration should allow the packets to pass without any modification on the firewall, unless the firewall has been locked down with a higher level of inspection or access control, which is sometimes the case.

The basic way to test that a TCP port is open for OUTBOUND connectivity is to use the telnet program.

Example:

telnet mail.richweb.com 25
Trying 63.90.9.3...
Connected to ford.
Escape character is '^]'.
220 mail.richweb.com ESMTP Postfix

That shows that port 25 (SMTP mail) is open on the outside server mail.richweb.com.

If a vendor requests that a "port be opened" in order to reach a service that the vendor hosts, the first rule of thumb is to check that the port is TCP. In most cases it will be, and you can then test for yourself whether or not it allows a connection.

If the connection does NOT work, your telnet prompt will hang and be unresponsive. In that case, try the connection again from a different network (such as a home broadband DSL or FiOS service) before assuming that the firewall is blocking OUTBOUND connections. In most cases the firewall will NOT be blocking outbound traffic.
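As an added example (not from the original page), the same outbound check as the telnet session above can be scripted so that the "hang" case becomes an explicit result instead of an unresponsive prompt: a connect timeout reports "timeout" (typical of a filtering firewall or an unreachable host), a reset reports "refused" (host reachable, nothing listening), and a successful connect returns whatever banner the service sends. Because the example must run offline, it includes a constructed local listener that greets with a Postfix-style 220 line in place of mail.richweb.com; the hostname and banner text are made up for the demonstration.

```python
"""Outbound TCP port check with a timeout, mirroring the telnet test above.

Added example; not part of the original page. The banner server below is a
constructed stand-in for a real mail host so the script runs offline.
"""
import socket
import threading


def check_tcp_port(host, port, timeout=5.0, banner_bytes=128):
    """Attempt a TCP connect and return (status, detail).

    status is 'open', 'timeout', 'refused' or 'error'; detail carries the
    service banner (if it sends one) or a short explanation.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(1.0)
            try:
                banner = sock.recv(banner_bytes).decode("ascii", "replace").strip()
            except socket.timeout:
                # Connected, but the service expects the client to speak first (e.g. HTTP).
                banner = ""
            return "open", banner
    except socket.timeout:
        return "timeout", "no reply within %.1fs: filtered by a firewall or host down" % timeout
    except ConnectionRefusedError:
        return "refused", "host reachable but nothing is listening on that port"
    except OSError as exc:
        return "error", str(exc)


def start_banner_server(banner):
    """Constructed stand-in for a mail host: a local listener that sends `banner` and closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def unused_local_port():
    """Return a loopback port that nothing listens on, to demonstrate the 'refused' result."""
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


if __name__ == "__main__":
    # Constructed banner in the style of the 220 greeting shown in the telnet session.
    port = start_banner_server(b"220 mail.example.test ESMTP Postfix\r\n")
    print(check_tcp_port("127.0.0.1", port))             # ('open', '220 mail.example.test ESMTP Postfix')
    print(check_tcp_port("127.0.0.1", unused_local_port()))  # ('refused', ...)
```

Run the check from the client network and again from an outside network, as the text recommends: "timeout" from both suggests the vendor side, while "timeout" only from inside points at an outbound restriction on the firewall.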
