- A port set is a collection of one or more ports that you can reference in a firewall rule
- For example, you could create a group called ‘Outgoing Mail Ports’, which consists of port numbers 25, 465, 587, 2525 and 4065. You can then control traffic to all 5 ports by simply selecting the ‘Mail Ports’ group in a firewall rule.
- Portsets can be made up of individual port numbers or port ranges.
- This article explains how to configure a custom portset in Endpoint Manager.
- Login to ITarian
- Click 'Applications' > 'Endpoint Manager'
- Click ‘Configuration Templates’ > ‘Profiles’
- Open the Windows profile applied to your target devices
- Open the 'Firewall' tab if it has already been added to the profile
- Click 'Add Profile Section' > 'Firewall' if it hasn't yet been added:
- Click the 'Portsets' tab:
- Endpoint Manager ships with three default protests:
- HTTP Ports: 80, 443 and 8080. These are the ports typically used for http traffic. Internet browsers use these ports to connect to the internet.
- POP3/SMTP Ports: 110, 25, 143, 995, 465 and 587. These ports are typically used to send/receive the email. For example, by mail clients like Outlook and Thunderbird.
- Privileged Ports: 0-1023. Privileged ports are so called because it is usually desirable to prevent users from running services on these ports. Network admins usually reserve or prohibit the use of these ports.
- Click 'Add' to create a custom portset
- Name - Enter a label for the custom portset. Once saved, the portset name will become available for selection in the firewall rule interfaces.
- Click 'Add' to specify the ports you want to include in the set:
Select your ports then click ‘OK’. Repeat the process to add more ports to the set.
- Any - Include all port numbers (1 - 65535)
- A single port - Enter the required port number in the box
- A port range - Enter the start and end port numbers in the respective boxes
- Exclude( i.e.NOT the choice below) : Removes the port numbers you select from the port set
You can use this to create exceptions within a port set. For example, say you wanted the set to address ports 1 – 200, but not port 50. First, click ‘Add’, specify a port-range of 1 – 200, then click ‘OK’. Next, click ‘Add’ again, enable ‘Exclude, specify port 50, click ‘OK’. Your set would look like this:
- Click 'OK' in the 'Port' dialog. The ports will be added to the new port set in the 'Portset' interface.
- Click 'OK' in the 'Port set' dialog to add the set to the profile.
The portsets will be available for selection when you choose 'A set of ports' as source/destination port while creating or editing a firewall rule, to impose access restriction to the ports, on the devices applied with this profile.