Personal firewall configuration for the VPN service

Although we recommend taking security precautions for your home computer, we can provide only 'best efforts' advice on personal firewall configuration for the VPN Service. This is because of the wide range of software available and the differing degree of support each provides.

If you intend purchasing a personal firewall you should check whether it supports PPTP ('Point to Point Tunnelling Protocol'), since this protocol is used by our VPN service.

The following table summarizes some of the experiences and information we have been passed and gathered from our users about various types of firewalls and connecting to VPN. This information is only informal and is only really so show you some of the things to be aware of if you have a firewall installed and want to use connect to VPN. It is not definitive, nor is it a recommendation to use or avoid any particular personal firewall brand.

Known Firewall Types Compatibility? Advice
ZoneAlarm 5.5 (free version) Yes (But needs configuring) Add vpn.soton.ac.uk to trusted sites.
Also set 'Trusted Zone Security' to 'Medium' or 'Low' if necessary. (More details below)
Windows Built-in Firewall (XP sp2 onwards) Yes No firewall configuration needed.
- However one or two Linksys Broadband routers have been known to conflict with Windows Firewall, however Firmware upgrades and windows updates can usually fix this.
Sygate Personal Firewall Sometimes
not		 We had one report of a user that also had an ADSL router and was using private IP addresses with it (NAT) and then when Sygate was installed VPN stopped working. Even when it was configured to allow vpn.soton.ac.uk so we advise uninstalling it and testing VPN without if you are having trouble connecting.
Norton Internet Security and Firewall (Symantec) May need configuring Norton Internet Security products usually have a firewall built into it and it is best to add vpn.soton.ac.uk (or 152.78.201.191) to the trusted sites and try reducing the Internet Security level if it is still not working as it may be too high. If not then try turning all internet security or protection parts of the program off.
Broadband Routers Built-in Firewalls Yes (But keep updated) However some may require firmware / software updates to fix software bugs or increase VPN capabilities in your router.

Firewall Configuration Advice for VPN Connections

Most modern firewalls allow VPN to connect without any extra configuration but if you suspect your firewall may be restricting the connection to the server then try adding some firewall rules to allow trusted addresses or services or try reducing any automatic firewalls protection levels if there are any. The details below provide a guideline as to some of the rules you may have to configure depending on the particular firewall you are using.

Generic Firewall Rules

Most firewalls do not require and specific configuration or rules to be added to allow VPN to work, but if you suspect that your firewall might be restricting VPN traffic then you could try adding the VPN server address vpn.soton.ac.uk (IP address 152.78.201.191) to allow all traffic to and from this destination. Or if you wish to open the particular ports that VPN connection require then allow the incoming TCP port 1723. Also if your particular firewall allows you to specify 'protocols' as well as basic TCP or UDP ports then you should also allow Protocol 47 (GRE).

Zone Alarm specific firewall configuration advice

If you have the software based firewall called Zone Alarm (by Zone Labs) installed on your pc and you are having trouble connecting to our VPN, then please try configuring it as follows....
In most versions of Zone Alarm, click on the 'Firewall' tab, then 'Zones', then there should be an option to 'add' a 'Host/Site' as 'Trusted'.
You should try inputting the following address as Trusted/accepted/allowed:
vpn.soton.ac.uk (152.78.201.191)
Also in the 'Firewall main' tab set 'Trusted Zone Security' to 'Medium' (or try 'Low' if necessary). You should be able to leave 'Internet zone security' as 'High' but again if you still have trouble connected to VPN, try setting that to 'low' as well.

Broadband Routers with Firewalls or Hardware firewalls

Most Broadband Internet Service Providers (ISPs) supply ADSL routers rather than modems these days and most have a firewall built into them. In most cases this will not need any configuration as the VPN connection is outgoing and most firewalls allow all outgoing connections by default. However, if you find you cannot connect to our VPN service then you should check to see if there is a firewall on your router and configure it with the generic rules above if you deem necessary.

Be aware! Also Broadband ADSL routers are known to be the cause of many VPN connection problems as there are many different makes and models and some have very old software programming on them or have bugs in the programming that can conflict with VPN connections or your computers firewalls. So if you are having problems with VPN then we also advise upgrading the routers Firmware / software version to the latest edition available. This can usually be downloaded from the manufacturers website or via the devices management interface. This issue is also mentioned on the VPN Support and Troubleshooting page if you require more information (See 'What's Related' links).

If you already have a personal firewall and know of any details or information that could be added to this page then please don't hesitate to Contact iSolutions ServiceLine (See related links) so that we can add this information to our Web pages.