Data Expedition, Inc. ®

Move Data Faster

Support
Tech Notes
Software Versions
Configuring Firewalls
Network Performance
Platform Support
Managing Bandwidth
Vista Firewall
License Binding
Anon. Win32 ExpeDat
Common Problems
Purchase Order Info.
ExpeDat 1.9-4+
Search DEI:

Tech Note History
May142007SSH Tunneling
Apr252007Vista Firewall
Feb122007Updated
 

Configuring Firewalls

As with all networking software, MTP/IP applications must be able to pass through any firewalls or Network Address Translation (NAT) devices you may have.  The setup chapter of each application's manual states which ports need to be opened.  For example, ExpeDat uses UDP/IP port 8080.  HyperGate uses both TCP/IP and UDP/IP ports 8083 and 8088.  You can also configure MTP/IP applications to use any other port numbers, if that is more convenient.

The most common symptom of a firewall blocking MTP/IP is a failure to connect between the client and the server.  This is usually accompanied by an error such as "Failed: Local Network: No Response".  If this happens, check that the server is running, that the port numbers used by the client and the server match, and that all firewalls and NAT devices have explicit rules permitting MTP/IP traffic as described in the software's documentation.

In some cases, connectivity may be lost after a transaction has been running successfully for some time.  This can occur if a firewall has been configured to "automatically" allow locally originated traffic, because such automatic detection is sometimes only temporary.  To ensure proper operation, you should explicitly authorize the ports described in the software's documentation.

Pay close attention to whether TCP or UDP ports are being set.

Windows XP Firewall

The first time you run an MTP/IP application under Windows XP SP2 or later, it may ask you whether to "Unblock" the application.  Clicking "Unblock" should be sufficient to allow normal operation.  If there are problems, open the "Windows Firewall" control panel.  In the "Exceptions" pane, click on "Add Port" to authorize each port required by the application's documentation.

Windows Vista Firewall

By default, the Vista firewall may allow an MTP client to access the network, but at greatly reduced performance.  To ensure maximum performance, you must open the UDP port for the MTP application.  First, open the "Windows Firewall" control panel.  In the "Exceptions" pane, click on "Add Port" to authorize each port required by the application's documentation.  See Configuring Vista Firewall for step-by-step instructions.

Dynamic Firewalls

Some firewalls can be configured to block traffic based on certain patterns of use.  Because MTP/IP makes full use of your network resources, a dynamic firewall may mistake this for an attack.  If MTP/IP performance degrades or is suddenly cut off, check for such settings.  You may need to add the application's port numbers to a second list, or disable such automatic detection features.

SSL VPNs & SSH Tunneling

Devices which tunnel network traffic over TCP/IP, including "SSL VPNs" and Secure SHell tunnels, severely impair performance and are not compatible with MTP/IP.  Consider using an IPsec VPN instead.

info@DataExpedition.com 877-292-2280
Copyright © 2000-2008 Data Expedition, Inc.  All Rights Reserved.