This chapter lists possible rule settings for the Windows firewall. They can be further modified and tightened according to security needs (e.g. allowing access only from specific IP addresses using the remoteip clause).

Enabling ICMP Ping packets (for diagnostics):

...

netsh advfirewall firewall add rule name="_SFTP" dir=in protocol=TCP localport=22 action=allow profile=any


Other, less used settings:

Access to the EDA server (the port is adjustable with the /EDAP parameter):

netsh advfirewall firewall add rule name="_EDA" dir=in protocol=TCP localport=3121 action=allow profile=any

Access to the Oracle database and Oracle Enterprise Manager - database/archive servers on which Oracle is installed and running:

netsh advfirewall firewall add rule name="_Oracle Server" dir=in protocol=TCP localport=1521 action=allow profile=any

netsh advfirewall firewall add rule name="_Oracle WEB EM" dir=in protocol=TCP localport=1158 action=allow profile=any

Access to the Sybase database server (for the configuration/monitoring/archive database) if only one database process is running:

netsh advfirewall firewall add rule name="_Sybase Server" dir=in protocol=TCP localport=2638 action=allow profile=any

Access to the Sybase database server (for the configuration/monitoring/archive database) if multiple database processes are running:

netsh advfirewall firewall add rule name="_Sybase Server" dir=in program="c:\Program Files\SQL Anywhere 12\BIN64\dbsrv12.exe" action=allow profile=any
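
The tightening with remoteip mentioned at the start of this chapter, as an added PowerShell example that is not part of the original documentation: it audits the rules named on this page and restricts those that still accept any remote address. The source addresses are constructed placeholders from documentation ranges, and the `$allowedSources` and `$apply` names are assumptions of this example.

```powershell
# Added example, not from the original documentation. Run in an elevated PowerShell.
# Rule names are the ones used on this page. All addresses are constructed
# placeholders (RFC 5737 documentation ranges) and must be replaced.
$allowedSources = @{
    '_SFTP'          = @('192.0.2.10')        # constructed: one admin workstation
    '_EDA'           = @('198.51.100.0/24')   # constructed: application subnet
    '_Oracle Server' = @('198.51.100.0/24')
    '_Oracle WEB EM' = @('192.0.2.10')
    '_Sybase Server' = @('198.51.100.0/24')
}
$apply = $false   # $false: report only (-WhatIf); $true: change the rules

$report = foreach ($name in $allowedSources.Keys) {
    # netsh "name=" corresponds to DisplayName in the NetSecurity cmdlets.
    $rules = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $rules) { Write-Warning "Rule '$name' not found, skipping"; continue }

    # A name can match several rules (e.g. a port-based and a program-based one).
    foreach ($rule in $rules) {
        if ($rule.Direction -ne 'Inbound' -or $rule.Action -ne 'Allow') { continue }

        $before = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        if ($before -contains 'Any') {
            # Same effect as:
            #   netsh advfirewall firewall set rule name="<name>" new remoteip=<list>
            $rule | Set-NetFirewallRule -RemoteAddress $allowedSources[$name] `
                                        -WhatIf:(-not $apply)
        }
        $after = ($rule | Get-NetFirewallAddressFilter).RemoteAddress

        [pscustomobject]@{
            Rule      = $name
            LocalPort = ($rule | Get-NetFirewallPortFilter).LocalPort -join ','
            Program   = ($rule | Get-NetFirewallApplicationFilter).Program
            Profile   = $rule.Profile
            Before    = $before -join ','
            After     = $after -join ','
        }
    }
}

# Any row whose After column still reads "Any" is reachable from every source.
$report | Sort-Object Rule | Format-Table -AutoSize
```

With `$apply = $false` the Before and After columns are identical, so the table serves as an audit of which rules are still open to any source.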


Of course, additional rules may be necessary depending on the communications in use (e.g. access to the D2000 Gateway server, to the UDP port for the SerialOverUDP Device Redundant communication line, or access to the TCP port for server protocols). An example rule for the Modbus Server protocol on a TCP/IP-TCP line (default Modbus port 502):

...