I'm afraid I may be in a legacy environment. Should I allow ports UDP 137 and UDP 137?

The last time I tested the firewall on the network live, the interfaces to our lab never came back up. They are connected to a Xyplex Terminal Server, which I had never seen before I started working here. They connect at 10 Mb/s to our core switch.

I also just remembered someone from Dell Hosting Services said they host a part of our network in a legacy environment. I thought to myself it's because of the Windows 2003 domain controllers we have. I already demoted and got rid of my legacy domain controller, but their 2003 domain controller is still online and my domain functionality is Windows 2003.

 

With that in mind, are there some old ports we haven't heard of in a while that need to be created on an any-to-any rule for LAN, WIFI, and VPN?

 

ARP fluxing: since it's not on, could it make old networks that mostly do ARP routing have trouble? I am trying to expect the worst thing that can happen so I can fix it quickly.

 

  • Great, I just found this article...

     

    Issue:

    When attempting to start instrument interfaces, despite correct MEDITECH setup, the interfaces will not start, often getting stuck in a "Starting" status.

    Resolution: 

    Oftentimes, with Park Place (or hosts in general), connections between machines will be closed due to security protocol. Sometimes the connection between the background client running LAB analyzer background jobs and the term server is closed. Specialists may use the Process All Background Jobs routine to determine the BKG client running the analyzer jobs. Specialists can then check the LIS Device Dictionary to determine the IP address of the term server(s) being used. Once Park Place (or another host) is aware of the issue, they are able to adjust the access settings to the firewall, allowing for the necessary connectivity. Starting the interfaces and testing transmissions will confirm the connectivity.

    Other Considerations:

    Keep in mind that LIVE and TEST will typically have different BKG clients running the analyzer background jobs. The site's host will need to be made aware of this. Oftentimes the BKG machine running background jobs in TEST will be changed once the LIVE environment is created. Please ensure that both background clients have access to the IP address of the term server(s) being used.

     

    I know one of the terminal servers' IP addresses is 10.141.12.6... so I should see it blocked on the firewall and add it to a LAN-to-LAN rule or whatever other zone it needs.

  • Hi,

    You will need to create very specific rules to cover this for security if you can't do it via a tunnel (VPN etc.).

    The rule would be: source IP address any network -> destination IP address any network -> packets UDP 137, or you could create a network definition just for the server at each end.

  • I don't know why, but my NATs are not working and my lab is down. I was told the router with the NATting routes straight through my firewall, but I think it was going through the DMZ...
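The reply above recommends very specific rules (per-server network definitions) instead of an any-to-any UDP 137 rule, and the original poster expects to see the terminal server 10.141.12.6 being blocked in the firewall log. The following added example, which is not part of the thread or of any Sophos product, shows how a practitioner could triage such drop entries and turn them into narrow host-to-host rule candidates. It assumes a key="value" packet-filter log style; the log lines and the second host addresses are constructed samples.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed key="value" packet-filter log style
# (loosely modelled on "Packet dropped" entries; not copied from a real log).
SAMPLE_LOG = """\
id="2001" sub="packetfilter" name="Packet dropped" action="drop" srcip="10.141.12.6" dstip="10.141.20.15" proto="17" srcport="137" dstport="137"
id="2001" sub="packetfilter" name="Packet dropped" action="drop" srcip="10.141.20.15" dstip="10.141.12.6" proto="17" srcport="137" dstport="137"
id="2001" sub="packetfilter" name="Packet dropped" action="drop" srcip="10.141.12.6" dstip="10.141.20.15" proto="17" srcport="138" dstport="138"
id="2002" sub="packetfilter" name="Packet accepted" action="accept" srcip="10.141.12.6" dstip="10.141.20.15" proto="6" srcport="51000" dstport="445"
id="2001" sub="packetfilter" name="Packet dropped" action="drop" srcip="192.168.1.50" dstip="10.141.12.6" proto="17" srcport="137" dstport="137"
"""

KV = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Turn one key="value" log line into a dict."""
    return dict(KV.findall(line))


def dropped_flows(log_text, host, proto="17"):
    """Count dropped (src, dst, dstport) flows involving `host` for one IP protocol number.

    proto="17" is UDP; accepted packets and other protocols are ignored, so the
    result is exactly the traffic the current rule base is blocking for that host.
    """
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("action") != "drop" or rec.get("proto") != proto:
            continue
        if host not in (rec.get("srcip"), rec.get("dstip")):
            continue
        counts[(rec["srcip"], rec["dstip"], rec["dstport"])] += 1
    return counts


def rule_candidates(counts, proto_name="udp"):
    """Express each observed drop as a host-to-host rule rather than any-to-any."""
    return sorted(
        f"allow {proto_name}/{port} from {src}/32 to {dst}/32"
        for (src, dst, port) in counts
    )


if __name__ == "__main__":
    drops = dropped_flows(SAMPLE_LOG, "10.141.12.6")
    for rule in rule_candidates(drops):
        print(rule)
```

Each candidate names only the two endpoints that were actually seen talking, so the legacy ports get opened for the terminal server and its background clients rather than for every LAN, WIFI and VPN host.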
