Proper inflow and outflow of network traffic requires careful setup of the device that directs the traffic - your router. Email, Internet access, remote access, and other services require ports to be opened and forwarded to function successfully. This article covers router setup for Windows Small Business Server 2008.

Directions are provided for the following routers. If your router is not listed, use the General Directions.

Note: this article was written for Windows SBS 2008. If you use Windows SBS 2003, you will need to modify the steps using different firewall ports. See the following topic for firewall ports to open for Windows SBS 2003: http://technet.microsoft.com/en-us/library/cc747257(WS.10).aspx.

Important: Verify Your Settings!

You should verify any settings in this document to ensure your router is properly directing and filtering Internet traffic as desired.

Overview

The following is a diagram of a typical home or small business network.

 

 A typical home or small business network consists of the following:

  • An Internet connection: provided by your Internet Service Provider (ISP).
  • An Internet connection device: usually a cable or DSL modem provided by your ISP. Some ISPs provide a device that combines a modem with a broadband router.
  • A broadband router: a device that routes network traffic from your local network to the Internet. Small business routers usually provide firewall services requiring port configuration. Some routers support UPnP to simplify configuration. The router may also function as a wireless access point.
  • Client computers: connect to each other through a switch (sometimes part of the router) and to the Internet through the broadband router. Multiple switches may be used if you connect more than a few desktop and notebook computers.
  • A home or small business server: provides file sharing and remote access.

 

Reality Check

This article assumes you have a basic understanding of small business networking.

If the terms ping, static IP address, DHCP, firewall ports, and UPnP are a foreign language for you, consider having a friend or consultant help you set up your network.

The following links provide information on small business networking:

 

General Directions

 

UPnP Router Configuration

Many broadband routers designed for small business support UPnP – a standard that simplifies router setup. Check your product documentation for UPnP support. If UPnP is supported, Windows SBS 2008 may be able to automatically configure your broadband router.

  1. If your router supports UPnP, ensure that UPnP is enabled.
  2. Open your Web browser, and then connect to the configuration Web page for your router. Usually the Web page is at the IP address of your router.
  3. If necessary, type your user name and password to log on to the configuration Web page. Some routers include a default user name, password, and IP address on the underside of the router. For more information, see the documentation for your router.
  4. Find the UPnP setting page on your router. For more information, see the documentation for your router.
  5. Save the configuration on your router, and then close the browser. If your router needs to restart, wait until it restarts completely before you proceed.

NOTE: For security reasons,you should disable UPnP after you have configured the router. Because there is no longer a need for UPnP based configuration, it is a security best practice to eliminate potential attack vectors.

Manual Router Configuration

If your router does not support UPnP, or if UPnP is disabled, there may be a yellow warning icon and the text indicating your router could not be found or configured when Windows SBS 2008 attempts to configure your router. If your router does not support the UPnP standard, you must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP, optional, allows direct Remote Desktop Connection to your Windows SBS 2008 server. Best practice is to not open this port unless RDP connection is required.) TCP 3389

A typical router-configuration page includes a table that looks similar to the following one. This article will use 192.168.1.3 for the IP address of your Windows SBS 2008 server.

Port forwarding rules

IP Address Protocol (TCP/UDP) Schedule Inbound Filter
192.168.1.3 TCP 25 Always Allow All
192.168.1.3 TCP 80 Always Allow All
192.168.1.3 TCP 443 Always Allow All
192.168.1.3 TCP 987 Always Allow All
192.168.1.3 TCP 1723 Always Allow All
192.168.1.3 TCP 3389 Always Allow All

 

To manually configure your router

  1. Open your Web browser, and then connect to the configuration Web page for your router. Usually the Web page is at the IP address of your router.
  2. If necessary, type your user name and password to log on to the configuration Web page. Some routers include a default user name, password, and IP address on the underside of the router. For more information, see the documentation for your router.
  3. Disable UPnP on your router.
  4. Find the port forwarding configuration page on your router.
  5. Type the necessary information to forward TCP port 80, TCP port 443, TCP port 987, TCP port 1723 (if you plan to enable VPN), and TCP port 3389 to the IP address of your Windows SBS 2008 server.
  6. Save the port-forwarding configuration on your router, and then close the browser. If your router needs to restart, wait until it restarts completely before you proceed.

  


  

Configure the Linksys BEFSR41 for Remote Access

Model: BEFSR41

Version: 4.1

Firmware: 1.04.09

http://homesupport.cisco.com/en-us/wireless/lbc/BEFSR41?referrer=www.linksysbycisco.com

UPnP Router Configuration

The Linksys BEFSR41 broadband router supports UPnP – a standard that simplifies router setup. If you enable UPnP in the Linksys BEFSR41, Windows SBS 2008 may be able to automatically configure your remote access settings.

  1. Open the Web browser on your computer and enter the address for the Linksys router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, leave the User Name field blank and enter the router password. The default password is admin.
  3. Click the Administration tab, the Management page should be selected. If not, click the Management tab.
  4. For UPnP, click Enabled, and then click Save Settings.
  5. Close the Web browser.

 

 

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to find and configure the remote access settings on your router.

Manual Router Configuration

If you prefer to not use UPnP, you must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

To manually configure your router

  1. Open the Web browser on your computer and enter the address for the Linksys router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, leave the User Name field blank and enter the router password. The default password is admin.
  3. Find the screen with UPnP settings and disable UPnP.
  4. Click the Applications and Gaming tab, the Port Range Forwarding page should be selected. If not, click the Port Range Forwarding tab.
  5. Enter the settings as in the screenshot below. The IP address should be the IP address of your server.
  6. Click Save Settings, and then close the Web browser.

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

  


  

Configure the Netgear RP614 for Remote Access

UPnP Router Configuration

The Netgear RP614v4 broadband router supports UPnP – a standard that simplifies router setup. If you enable UPnP in the Netgear RP614v4, Windows SBS 2008 may be able to automatically configure your remote access settings.

  1. Open the Web browser on your computer and enter the address for the Netgear router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, enter the user name and password. The default user name is admin. The default password is password.
  3. Under Advanced, click UPnP.
  4. Click Turn UPnP On, and then click Apply.
  5. Close the Web browser.

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to find and configure the remote access settings on your router.

Manual Router Configuration

If you prefer to not use UPnP, you must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

To manually configure your router 

  1. Open the Web browser on your computer and enter the address for the Netgear router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, enter the user name and password. The default user name is admin. The default password is password.
  3. Find the screen with UPnP settings and disable UPnP.
  4. Under Advanced, click Port Forwarding / Port Triggering.
  5. Under Service Name, click HTTP, enter the server IP address, and then click Add.
  6. Click Add Custom Service, and then enter the following settings:

    Service Name: SMTP

    Service Type: TCP

    Starting Port: 25

    Ending Port: 25

    Server IP Address: your server IP address
  7. Click Apply.
  8. Continue adding the custom services you see in the screenshot below.
  9. Close the Web browser.

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

 


  

Configure the Sonicwall TZ170 for Remote Access

Model: TZ170

Version: Standard

Firmware: SonicOS Standard 3.1.6.3-4s

http://www.sonicwall.com/us/support/3134.html

UPnP Router Configuration

The Sonicwall TZ170 broadband router does not support UPnP.

Manual Router Configuration

You must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

To manually configure your router 

  1. Open the Web browser on your computer and enter the address for the Sonicwall router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, enter the user name and password. The default user name is admin. The default password is password.
  3. Click Firewall, and then click Services.
  4. Under Custom Services, click Add.
  5. Enter the following settings:

    Name: RDP

    Port Range: 3389 - 3389

    Protocol: TCP(6)

  6. Click OK.
  7. Repeat the above steps and create a custom service for Sharepoint. Use port 987 (TCP).
  8. Under Firewall, click Access Rules.
  9. Click Add.
  10. Enter the following settings:

    Action: Allow

    Service: RDP

    Source, Ethernet: WAN

    Destination, Ethernet: LAN

    Destination, Address Range Begin: your server’s IP address

  11. Click OK.
  12. Repeat the above steps and add the following access rules:

    Service: Send E-Mail (SMTP)

    Service: Web (HTTP)

    Service: HTTPS

    Service: Sharepoint – the name of the custom service you created above

    Service: PPTP
  13. Close the Web browser.

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

 


  

Configure the Sonicwall TZ100 for Remote Access

Model: TZ100 wireless-N

Firmware: SonicOS Enhanced 5.5.1.0-5o

http://www.sonicwall.com/us/support/13528.html

UPnP Router Configuration

The Sonicwall TZ100 broadband router does not support UPnP.

Manual Router Configuration

You must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

 

To manually configure your router 

  1. Open the Web browser on your computer and enter the address for the Sonicwall router in the address field. The default IP address is 192.168.168.168.
  2. At the login screen, enter the user name and password. The default user name is admin. The default password is password.
  3. Click Firewall, and then click Services.
  4. Under Service Groups, View Style, click Custom Services.
  5. Unders Services, click Add.
  6. Enter the following settings:

    Name: SharePoint

    Protocol: TCP(6)

    Port Range: 987 - 987

  7. Click OK.
  8. Under Service Groups, click Add Group.
  9. For Name, enter: SBSPorts
  10. From the list on the left, select the following Services and add them to the list on the right with the right arrow button:

    HTTP

    HTTPS

    PPTP

    SharePoint

    STMP

    Terminal Services TCP


  11. Click OK.
  12. On the left navigation menu, under Firewall, click Access Rules
  13. Under Access Rules, View Style, click Drop-down Boxes.
  14. For the From Zone, select: WAN
  15. For the To Zone, select: LAN
  16. Click OK.
  17. Click Add.
  18. Under Settings, enter the following:

    Action: Allow

    Service: SBSPorts

    Source: Any

    Destination: WAN Primary IP (or the port use use for broadband)

    Users Allowed: All

    Schedule: Always on

  19. Click OK.
  20. Close the Web browser.

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

  


  

Configure the D-Link DIR-825 for Remote Access

Model: DIR-825

Hardware Version: B1

Firmware Version: 2.02NA

http://www.dlink.com/products/?tab=3&pid=DIR-825&rev=DIR-825_revB

UPnP Router Configuration

Though the D-Link DIR-825 broadband router supports UPnP, UPnP configuration did not test successfully.

Manual Router Configuration

You must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

 

To manually configure your router

  1. Open the Web browser on your computer and enter the address for the D-Link router in the address field. The default IP address is 192.168.0.1.
  2. At the login screen, enter the user name and password. The default user name is admin. The default password is blank.
  3. Find the screen with UPnP settings and disable UPnP.
  4. On the top menu, click Advanced.
  5. On the left menu, click VIRTUAL SERVER.
  6. Click the first Application Name list box and select SMTP.
  7. Click the left double arrow to place SMTP in the Name box.
  8. In the first IP Address box, enter the IP address of your server.
  9. Select the check box to enable it.
  10. Repeat steps 6.-9. in the available list boxes for the following Application Names: HTTP, HTTPS, PPTP, REMOTE DESKTOP
  11. In the next blank Name box, type: SharePoint
  12. In the Public Port box, type: 987
  13. In the Private Port box, type: 987
  14. In the IP Address box, enter the IP address of your server.
  15. Select the check box to enable it.
  16. Click Save Settings.
  17. Click Continue when the settings are saved and close the Web browser.

 

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

 


  

Configure the Linksys WRT160N for Remote Access

Model: WRT160N

Hardware Version: V3

Firmware Version: 3.0.02

http://homesupport.cisco.com/en-us/wireless/lbc/WRT160N

UPnP Router Configuration

The Linksys  WRT160N broadband router supports UPnP – a standard that simplifies router setup. If you enable UPnP in the Linksys WRT160N , Windows SBS 2008 may be able to automatically configure your remote access settings.

  1. Open the Web browser on your computer and enter the address for the Linksys router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, enter the user name and password. The default user name is blank. The default password is admin.
  3. Click the Administration tab.
  4. For UPnP, click Enabled, and then click Save Settings.
  5. Close the Web browser.

  

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to find and configure the remote access settings on your router.

Manual Router Configuration

If you prefer to not use UPnP, you must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

To manually configure your router

  1. Open the Web browser on your computer and enter the address for the Linksys router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, leave the User Name field blank and enter the router password. The default password is admin.
  3. Find the screen with UPnP settings and disable UPnP.
  4. Click the Applications and Gaming tab, the Port Range Forwarding page should be selected. If not, click the Port Range Forwarding tab.
  5. Enter the settings as in the screenshot below. The IP address should be the IP address of your server.
  6. Click Save Settings, and then close the Web browser.

  

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

 


 

Configure the Linksys WRT54GL for Remote Access

 

Model: WRT54GL

Version: 1.1

Firmware: v4.30.11

http://homesupport.cisco.com/en-us/wireless/lbc/WRT54GL

UPnP Router Configuration

The Linksys WRT54GL broadband router supports UPnP – a standard that simplifies router setup. If you enable UPnP in the Linksys WRT54GL, Windows SBS 2008 may be able to automatically configure your remote access settings.

  1. Open the Web browser on your computer and enter the address for the Linksys router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, leave the User Name field blank and enter the router password. The default password is admin.
  3. Click the Administration tab, the Management page should be selected. If not, click the Management tab.
  4. For UPnP, click Enabled, and then click Save Settings.
  5. Close the Web browser.

  

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to find and configure the remote access settings on your router.

Manual Router Configuration

If you prefer to not use UPnP, you must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

To manually configure your router

  1. Open the Web browser on your computer and enter the address for the Linksys router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, leave the User Name field blank and enter the router password. The default password is admin.
  3. Find the screen with UPnP settings and disable UPnP.
  4. Click the Applications and Gaming tab, the Port Range Forwarding page should be selected. If not, click the Port Range Forwarding tab.
  5. Enter the settings as in the screenshot below. The IP address should be the IP address of your server.
  6. Click Save Settings, and then close the Web browser.

 

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

   


 

Configure the Watchguard Firebox X20e for Remote Access

 

Model: X20e

Firmware: 10.2.12

http://www.watchguard.com/products/edge-e/overview.asp?t=main 

UPnP Router Configuration

The Firebox X20e broadband router does not support UPnP.

Manual Router Configuration

You must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

 

To manually configure your router 

  1. Open the Web browser on your computer and enter the address for the Firebox router in the address field. The default IP address is 192.168.111.1.
  2. At the login screen, enter the user name and password. The default user name is admin. The default password is admin.
  3. Click Firewall, and then click Configure Incoming.
  4. Under Common Packet Filter Policies, for the HTTP and HTTPS, and SMTP policies, set the following:

    Filter: Allow

    Host: IP address of your server

    Port Redirect, HTTP: 80

    Port Redirect, HTTPS: 443

    Port Redirect, SMTP: 25

  5. Click Submit.
  6. Under Custom Packet Filter Policies, click Add Packet Filter Policy.
  7. Enter the following:

    Policy Name: SharePoint

    Incoming Tab, Incoming Filter: Allow

    Policy Host: type the IP address of your server

    Properties Tab, Protocol Settings: 987

  8. Click Add, and then click Submit.
  9. Repeat Step 7 and 8 for the following policies and ports:

    VPN, port 1723

    RDP, port 3389

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.