Testing firewall setup can be a tricky business. There are thousands of ports to scan and many types of options that make configurations complicated. While MxToolbox can’t know every firewall and test every variation, we can give you tips on how to probe your firewall externally using our tools to see if everything is setup properly.
Before you begin testing your firewall setup, you’ll want to make a few lists:
- Make a list of IP addresses and server names. You should have two lists: one for public facing servers that you want to be able to access and another for private servers that should not be externally facing.
- Make a list of ports that should be accessible on the firewall, based upon the types of servers you have that are public facing.
- You may also want to make a list of ports you absolutely want blocked for security reasons. We have a few in our Portscan Tool.
During setup verification, you will run a series of tests against both your public IP addresses and private servers to ensure your firewall is appropriately blocking traffic and permitting only what you want.
- Run a port scan on your firewall. This will tell you if most common ports are open
- Ping both lists of servers: IP addresses you want to be public and servers you don’t want to be public.
- Run a Traceroute to all public facing servers so you can be sure that traffic is running through your firewall.
- Run SMTP, HTTP, or TCP tests on all public facing servers for each port/service combination that the server will be running. Alternatively, you could simply run a port scan for each server.
On-going Server Maintenance
On-going, you may want to ensure your firewall is open to the ports/services you have specified. The best way to test this is through regular monitoring.
- Setup SMTP monitors for all mail servers behind the firewall
- Setup HTTP monitors for all web servers behind the firewall
- Setup TCP monitors for all other services on those servers.
Monitors are the best way to know immediately when a service or server goes down. MxToolbox monitors are constantly probing your systems to check availability, giving you peace of mind knowing that you will know if something goes wrong.