Avast SecureLine is a pretty nice product, but we are having a few problems writing firewall rules for it to be able to get out to the internet.
What ports on the stand-alone firewall do you have to open (and what are the destination IP addresses) to be able to use Avast SecureLine in a safe and secure manner?
Searching Google, calling Avast support and even placing an Avast trouble ticket did nothing to answer the question that in my mind is so darned fundamental - what ports do I need to open up?
While we are on the subject, the Avast phone support is next to useless, especially given that we pay for all the Avast products that we use - having a guy in India ask me if you like the Rodeo and do I drive a car like Knight Rider, is just plain ridiculous. We use this product on our ecommerce website www.nytix.com - we sell discount Broadway tickets - and it would be great if we could secure the server a little better.
The bottom line is that it doesn't look like SecureLine uses any standard or normal VPN ports for its secure VPN protocols L2TP, PPTP or IPsec - It looks like it just uses the set of random high TCP ports from 49000 through to 65000.
It's been touted that you need to allow port UDP 1194 for SSL VPN or TCP 1723 & IP 47 (GRE) for PPTP VPN - But these appear to be red herrings, as we specifically excluded all those ports and the product still runs perfectly fine without them - as long as you allow all the named TCP random high ports above 49000 that we described - crazy huh?
You would think that a security product would be secure, right?
Are we the only people in the world who actually write specific firewall rules anymore that have a source, destination, port and protocol that actually locks down applications to what they are supposed to be doing?
No wonder everyone is getting hacked.
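
One way to arrive at the source, destination, port and protocol rules the post asks for is to log the client's outbound traffic and group it by destination. The sketch below is an added example, not code from the post or from Avast: the log lines are constructed in a simplified iptables-LOG style and do not represent SecureLine traffic, and the rule strings are a generic notation rather than any firewall's syntax. It keys on the destination port and records source ports separately, because a client's outbound source ports are normally drawn from the operating system's ephemeral range.

```python
import re
from collections import defaultdict

# Constructed, simplified iptables-LOG-style egress lines (not real traffic;
# addresses come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
kernel: EGRESS OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=49812 DPT=443
kernel: EGRESS OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=50233 DPT=443
kernel: EGRESS OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=UDP SPT=61020 DPT=1194
kernel: EGRESS OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=52001 DPT=55001
kernel: EGRESS OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=GRE
"""
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+)"
    r"(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)
HIGH_PORTS = range(49000, 65001)  # the high-port range named in the post


def summarize(log_text):
    """Group flows by (protocol, destination IP, destination port)."""
    flows = defaultdict(lambda: {"hits": 0, "src_ports": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an egress record in the assumed format
        dpt = int(m["dpt"]) if m["dpt"] else None  # GRE carries no ports
        entry = flows[(m["proto"].lower(), m["dst"], dpt)]
        entry["hits"] += 1
        if m["spt"]:
            entry["src_ports"].add(int(m["spt"]))
    return dict(flows)


def candidate_rules(flows):
    """One allow rule per observed destination; source ports are not matched."""
    rules = []
    ordered = sorted(flows, key=lambda k: (k[1], k[0], k[2] or 0))
    for proto, dst, dpt in ordered:
        port = f" dport={dpt}" if dpt is not None else ""
        note = " [high destination port]" if dpt is not None and dpt in HIGH_PORTS else ""
        rules.append(f"allow out proto={proto} dst={dst}{port}{note}")
    return rules


if __name__ == "__main__":
    for rule in candidate_rules(summarize(SAMPLE_LOG)):
        print(rule)
```

Run against real logs, a flow whose source ports vary while its destination port stays fixed only needs a rule on the destination side.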