Avast WEBforum

Consumer Products => Avast SecureLine VPN => Avast SecureLine VPN for Windows => Topic started by: nytix on March 08, 2013, 10:24:29 PM

Title: Avast SecureLine Firewall Ports
Post by: nytix on March 08, 2013, 10:24:29 PM
Avast Secureline is a pretty nice product but we are having a few problems writing firewall rules for it to be able to get out to the internet.
What ports on the stand-alone firewall do you have to open (and what are the destination IP addresses) to be able to use Avast SecureLine in a safe and secure manner?

Searching Google, calling Avast support and even placing an Avast trouble ticket did nothing to answer the question that in my mind is so darned fundamental - what ports do I need to open up?
While we are on the subject, the Avast phone support is next to useless, especially given that we pay for all the Avast products that we use  - having a guy in India ask me if you like the Rodeo and do I drive a car like Knight Rider, is just plain ridiculous. We use this product on our ecommerce website www.nytix.com (http://www.nytix.com) - we sell discount broadway tickets - and it would be great if we could secure the server a little better.

The bottom line is that that it doesn't look like SecureLine uses any standard or normal VPN ports for its secure VPN protocols L2TP, PPTP or IPsec - It looks like it just uses the set of random high TCP ports from 49000 through to 65000.
It's been touted that you need to allow port UDP 1194 for SSL VPN or TCP 1723 & IP 47 (GRE) for PPTP VPN - But these appear to be red herrings, as we specifically excluded all those ports and the product still runs perfectly fine without them - as long as you allow all the named TCP random high ports above 49000 that we described - crazy huh?

You would think that a security product would be secure, right?

Are we the only people in the world who actually write specific firewall rules anymore that have a source, destination, port and protocol that actually locks down applications to what they are supposed to be doing.
No wonder everyone is getting hacked.
Title: Re: Avast SecureLine Firewall Ports
Post by: jbekkema on March 14, 2013, 07:34:58 PM
Hi nytix,

I have nothing to do with Avast, so I can't comment on your support experience, however the Avast SecureLine client (at least the Mac and Windows version - I don't know about the iOS version) does use standard ports for PPTP, L2TP, and IPSec. OpenVPN's protocol and port (if you are using the Pro version) can vary.

Quote
It looks like it just uses a set of random high TCP ports from 49000 through to 65000.
The standard ports for PPTP, L2TP, and IPSec are used, and on a normal consumer-level router (or for custom firmware such as DDWrt) all you have to do is enable VPN-Passthrough to allow PPTP, L2TP, and IPSec through NAT and the firewall. The port numbers you refer to could be for IPC between the GUI and backend (rather than anything external or directly related to the VPN connection), or you could also be looking at the client-side port number, rather than the destination port.

For example, the PPTP protocol uses a TCP connection with a destination port of 1723 (on the VPN server side) and a source port of anywhere from 1024-65535 (on the client side - that is your computer), along with IP47. Reference (http://www.symantec.com/business/support/index?page=content&id=TECH79356)

If you are using a firewall on the computer itself, make sure you're not targeting a single process like the GUI, as VPN connections are usually handled at the kernel level. Alternatively, you could always look at using OpenVPN instead, which uses simple outbound TCP and UDP connections.

Cheers,
James