Windows Small Business Server 2008: Router Setup

Windows Small Business Server 2008: Router Setup

Proper inflow and outflow of network traffic requires careful setup of the device that directs the traffic - your router. Email, Internet access, remote access, and other services require ports to be opened and forwarded to function successfully. This article covers router setup for Windows Small Business Server 2008.

Directions are provided for the following routers. If your router is not listed, use the General Directions.

Note: this article was written for Windows SBS 2008. If you use Windows SBS 2003, you will need to modify the steps using different firewall ports. See the following topic for firewall ports to open for Windows SBS 2003: http://technet.microsoft.com/en-us/library/cc747257(WS.10).aspx.

Important: Verify Your Settings!

You should verify any settings in this document to ensure your router is properly directing and filtering Internet traffic as desired.

Overview

The following is a diagram of a typical home or small business network.

 

 A typical home or small business network consists of the following:

  • An Internet connection: provided by your Internet Service Provider (ISP).
  • An Internet connection device: usually a cable or DSL modem provided by your ISP. Some ISPs provide a device that combines a modem with a broadband router.
  • A broadband router: a device that routes network traffic from your local network to the Internet. Small business routers usually provide firewall services requiring port configuration. Some routers support UPnP to simplify configuration. The router may also function as a wireless access point.
  • Client computers: connect to each other through a switch (sometimes part of the router) and to the Internet through the broadband router. Multiple switches may be used if you connect more than a few desktop and notebook computers.
  • A home or small business server: provides file sharing and remote access.

 

Reality Check

This article assumes you have a basic understanding of small business networking.

If the terms ping, static IP address, DHCP, firewall ports, and UPnP are a foreign language for you, consider having a friend or consultant help you set up your network.

The following links provide information on small business networking:

 

General Directions

 

UPnP Router Configuration

Many broadband routers designed for small business support UPnP – a standard that simplifies router setup. Check your product documentation for UPnP support. If UPnP is supported, Windows SBS 2008 may be able to automatically configure your broadband router.

  1. If your router supports UPnP, ensure that UPnP is enabled.
  2. Open your Web browser, and then connect to the configuration Web page for your router. Usually the Web page is at the IP address of your router.
  3. If necessary, type your user name and password to log on to the configuration Web page. Some routers include a default user name, password, and IP address on the underside of the router. For more information, see the documentation for your router.
  4. Find the UPnP setting page on your router. For more information, see the documentation for your router.
  5. Save the configuration on your router, and then close the browser. If your router needs to restart, wait until it restarts completely before you proceed.

NOTE: For security reasons,you should disable UPnP after you have configured the router. Because there is no longer a need for UPnP based configuration, it is a security best practice to eliminate potential attack vectors.

Manual Router Configuration

If your router does not support UPnP, or if UPnP is disabled, there may be a yellow warning icon and the text indicating your router could not be found or configured when Windows SBS 2008 attempts to configure your router. If your router does not support the UPnP standard, you must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP, optional, allows direct Remote Desktop Connection to your Windows SBS 2008 server. Best practice is to not open this port unless RDP connection is required.) TCP 3389

A typical router-configuration page includes a table that looks similar to the following one. This article will use 192.168.1.3 for the IP address of your Windows SBS 2008 server.

Port forwarding rules

IP Address Protocol (TCP/UDP) Schedule Inbound Filter
192.168.1.3 TCP 25 Always Allow All
192.168.1.3 TCP 80 Always Allow All
192.168.1.3 TCP 443 Always Allow All
192.168.1.3 TCP 987 Always Allow All
192.168.1.3 TCP 1723 Always Allow All
192.168.1.3 TCP 3389 Always Allow All

 

To manually configure your router

  1. Open your Web browser, and then connect to the configuration Web page for your router. Usually the Web page is at the IP address of your router.
  2. If necessary, type your user name and password to log on to the configuration Web page. Some routers include a default user name, password, and IP address on the underside of the router. For more information, see the documentation for your router.
  3. Disable UPnP on your router.
  4. Find the port forwarding configuration page on your router.
  5. Type the necessary information to forward TCP port 80, TCP port 443, TCP port 987, TCP port 1723 (if you plan to enable VPN), and TCP port 3389 to the IP address of your Windows SBS 2008 server.
  6. Save the port-forwarding configuration on your router, and then close the browser. If your router needs to restart, wait until it restarts completely before you proceed.

  


  

Configure the Linksys BEFSR41 for Remote Access

Model: BEFSR41
Version: 4.1
Firmware: 1.04.09
http://homesupport.cisco.com/en-us/wireless/lbc/BEFSR41?referrer=www.linksysbycisco.com

UPnP Router Configuration

The Linksys BEFSR41 broadband router supports UPnP – a standard that simplifies router setup. If you enable UPnP in the Linksys BEFSR41, Windows SBS 2008 may be able to automatically configure your remote access settings.

  1. Open the Web browser on your computer and enter the address for the Linksys router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, leave the User Name field blank and enter the router password. The default password is admin.
  3. Click the Administration tab, the Management page should be selected. If not, click the Management tab.
  4. For UPnP, click Enabled, and then click Save Settings.
  5. Close the Web browser.

 

 

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to find and configure the remote access settings on your router.

Manual Router Configuration

If you prefer to not use UPnP, you must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

To manually configure your router

  1. Open the Web browser on your computer and enter the address for the Linksys router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, leave the User Name field blank and enter the router password. The default password is admin.
  3. Find the screen with UPnP settings and disable UPnP.
  4. Click the Applications and Gaming tab, the Port Range Forwarding page should be selected. If not, click the Port Range Forwarding tab.
  5. Enter the settings as in the screenshot below. The IP address should be the IP address of your server.
  6. Click Save Settings, and then close the Web browser.

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

  


  

Configure the Netgear RP614 for Remote Access

UPnP Router Configuration

The Netgear RP614v4 broadband router supports UPnP – a standard that simplifies router setup. If you enable UPnP in the Netgear RP614v4, Windows SBS 2008 may be able to automatically configure your remote access settings.

  1. Open the Web browser on your computer and enter the address for the Netgear router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, enter the user name and password. The default user name is admin. The default password is password.
  3. Under Advanced, click UPnP.
  4. Click Turn UPnP On, and then click Apply.
  5. Close the Web browser.

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to find and configure the remote access settings on your router.

Manual Router Configuration

If you prefer to not use UPnP, you must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

To manually configure your router 

  1. Open the Web browser on your computer and enter the address for the Netgear router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, enter the user name and password. The default user name is admin. The default password is password.
  3. Find the screen with UPnP settings and disable UPnP.
  4. Under Advanced, click Port Forwarding / Port Triggering.
  5. Under Service Name, click HTTP, enter the server IP address, and then click Add.
  6. Click Add Custom Service, and then enter the following settings:
    Service Name: SMTP
    Service Type: TCP
    Starting Port: 25
    Ending Port: 25
    Server IP Address: your server IP address
  7. Click Apply.
  8. Continue adding the custom services you see in the screenshot below.
  9. Close the Web browser.

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

 


  

Configure the Sonicwall TZ170 for Remote Access

Model: TZ170
Version: Standard
Firmware: SonicOS Standard 3.1.6.3-4s
http://www.sonicwall.com/us/support/3134.html

UPnP Router Configuration

The Sonicwall TZ170 broadband router does not support UPnP.

Manual Router Configuration

You must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

To manually configure your router 

  1. Open the Web browser on your computer and enter the address for the Sonicwall router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, enter the user name and password. The default user name is admin. The default password is password.
  3. Click Firewall, and then click Services.
  4. Under Custom Services, click Add.
  5. Enter the following settings:
    Name: RDP
    Port Range: 3389 - 3389
    Protocol: TCP(6)
  6. Click OK.
  7. Repeat the above steps and create a custom service for Sharepoint. Use port 987 (TCP).
  8. Under Firewall, click Access Rules.
  9. Click Add.
  10. Enter the following settings:
    Action: Allow
    Service: RDP
    Source, Ethernet: WAN
    Destination, Ethernet: LAN
    Destination, Address Range Begin: your server’s IP address
  11. Click OK.
  12. Repeat the above steps and add the following access rules:
    Service: Send E-Mail (SMTP)
    Service: Web (HTTP)
    Service: HTTPS
    Service: Sharepoint – the name of the custom service you created above
    Service: PPTP
  13. Close the Web browser.

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

 


  

Configure the Sonicwall TZ100 for Remote Access

Model: TZ100 wireless-N
Firmware: SonicOS Enhanced 5.5.1.0-5o
http://www.sonicwall.com/us/support/13528.html

UPnP Router Configuration

The Sonicwall TZ100 broadband router does not support UPnP.

Manual Router Configuration

You must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

 

To manually configure your router 

  1. Open the Web browser on your computer and enter the address for the Sonicwall router in the address field. The default IP address is 192.168.168.168.
  2. At the login screen, enter the user name and password. The default user name is admin. The default password is password.
  3. Click Firewall, and then click Services.
  4. Under Service Groups, View Style, click Custom Services.
  5. Unders Services, click Add.
  6. Enter the following settings:
    Name: SharePoint
    Protocol: TCP(6)
    Port Range: 987 - 987
  7. Click OK.
  8. Under Service Groups, click Add Group.
  9. For Name, enter: SBSPorts
  10. From the list on the left, select the following Services and add them to the list on the right with the right arrow button:
    HTTP
    HTTPS
    PPTP
    SharePoint
    STMP
    Terminal Services TCP

  11. Click OK.
  12. On the left navigation menu, under Firewall, click Access Rules
  13. Under Access Rules, View Style, click Drop-down Boxes.
  14. For the From Zone, select: WAN
  15. For the To Zone, select: LAN
  16. Click OK.
  17. Click Add.
  18. Under Settings, enter the following:
    Action: Allow
    Service: SBSPorts
    Source: Any
    Destination: WAN Primary IP (or the port use use for broadband)
    Users Allowed: All
    Schedule: Always on
  19. Click OK.
  20. Close the Web browser.

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

  


  

Configure the D-Link DIR-825 for Remote Access

Model: DIR-825
Hardware Version: B1
Firmware Version: 2.02NA
http://www.dlink.com/products/?tab=3&pid=DIR-825&rev=DIR-825_revB

UPnP Router Configuration

Though the D-Link DIR-825 broadband router supports UPnP, UPnP configuration did not test successfully.

Manual Router Configuration

You must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

 

To manually configure your router

  1. Open the Web browser on your computer and enter the address for the D-Link router in the address field. The default IP address is 192.168.0.1.
  2. At the login screen, enter the user name and password. The default user name is admin. The default password is blank.
  3. Find the screen with UPnP settings and disable UPnP.
  4. On the top menu, click Advanced.
  5. On the left menu, click VIRTUAL SERVER.
  6. Click the first Application Name list box and select SMTP.
  7. Click the left double arrow to place SMTP in the Name box.
  8. In the first IP Address box, enter the IP address of your server.
  9. Select the check box to enable it.
  10. Repeat steps 6.-9. in the available list boxes for the following Application Names: HTTP, HTTPS, PPTP, REMOTE DESKTOP
  11. In the next blank Name box, type: SharePoint
  12. In the Public Port box, type: 987
  13. In the Private Port box, type: 987
  14. In the IP Address box, enter the IP address of your server.
  15. Select the check box to enable it.
  16. Click Save Settings.
  17. Click Continue when the settings are saved and close the Web browser.

 

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

 


  

Configure the Linksys WRT160N for Remote Access

Model: WRT160N
Hardware Version: V3
Firmware Version: 3.0.02
http://homesupport.cisco.com/en-us/wireless/lbc/WRT160N

UPnP Router Configuration

The Linksys  WRT160N broadband router supports UPnP – a standard that simplifies router setup. If you enable UPnP in the Linksys WRT160N , Windows SBS 2008 may be able to automatically configure your remote access settings.

  1. Open the Web browser on your computer and enter the address for the Linksys router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, enter the user name and password. The default user name is blank. The default password is admin.
  3. Click the Administration tab.
  4. For UPnP, click Enabled, and then click Save Settings.
  5. Close the Web browser.

  

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to find and configure the remote access settings on your router.

Manual Router Configuration

If you prefer to not use UPnP, you must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

To manually configure your router

  1. Open the Web browser on your computer and enter the address for the Linksys router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, leave the User Name field blank and enter the router password. The default password is admin.
  3. Find the screen with UPnP settings and disable UPnP.
  4. Click the Applications and Gaming tab, the Port Range Forwarding page should be selected. If not, click the Port Range Forwarding tab.
  5. Enter the settings as in the screenshot below. The IP address should be the IP address of your server.
  6. Click Save Settings, and then close the Web browser.

  

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

 


 

Configure the Linksys WRT54GL for Remote Access

 

Model: WRT54GL
Version: 1.1
Firmware: v4.30.11
http://homesupport.cisco.com/en-us/wireless/lbc/WRT54GL

UPnP Router Configuration

The Linksys WRT54GL broadband router supports UPnP – a standard that simplifies router setup. If you enable UPnP in the Linksys WRT54GL, Windows SBS 2008 may be able to automatically configure your remote access settings.

  1. Open the Web browser on your computer and enter the address for the Linksys router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, leave the User Name field blank and enter the router password. The default password is admin.
  3. Click the Administration tab, the Management page should be selected. If not, click the Management tab.
  4. For UPnP, click Enabled, and then click Save Settings.
  5. Close the Web browser.

  

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to find and configure the remote access settings on your router.

Manual Router Configuration

If you prefer to not use UPnP, you must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

To manually configure your router

  1. Open the Web browser on your computer and enter the address for the Linksys router in the address field. The default IP address is 192.168.1.1.
  2. At the login screen, leave the User Name field blank and enter the router password. The default password is admin.
  3. Find the screen with UPnP settings and disable UPnP.
  4. Click the Applications and Gaming tab, the Port Range Forwarding page should be selected. If not, click the Port Range Forwarding tab.
  5. Enter the settings as in the screenshot below. The IP address should be the IP address of your server.
  6. Click Save Settings, and then close the Web browser.

 

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

   


 

Configure the Watchguard Firebox X20e for Remote Access

 

Model: X20e
Firmware: 10.2.12
http://www.watchguard.com/products/edge-e/overview.asp?t=main 

UPnP Router Configuration

The Firebox X20e broadband router does not support UPnP.

Manual Router Configuration

You must manually configure your router to forward the following ports to the IP address of your Windows SBS 2008 server:

Service or Protocol Port
SMTP e-mail TCP 25
HTTP Web traffic TCP 80
HTTPS Web traffic TCP 443
HTTPS Web traffic for Windows SharePoint Services through Remote Web Workplace TCP 987
VPN (if you plan to enable VPN on your Windows SBS 2008 server) TCP 1723
Remote Desktop Protocol (RDP) TCP 3389

 

To manually configure your router 

  1. Open the Web browser on your computer and enter the address for the Firebox router in the address field. The default IP address is 192.168.111.1.
  2. At the login screen, enter the user name and password. The default user name is admin. The default password is admin.
  3. Click Firewall, and then click Configure Incoming.
  4. Under Common Packet Filter Policies, for the HTTP and HTTPS, and SMTP policies, set the following:
    Filter: Allow
    Host: IP address of your server
    Port Redirect, HTTP: 80
    Port Redirect, HTTPS: 443
    Port Redirect, SMTP: 25
  5. Click Submit.
  6. Under Custom Packet Filter Policies, click Add Packet Filter Policy.
  7. Enter the following:
    Policy Name: SharePoint
    Incoming Tab, Incoming Filter: Allow
    Policy Host: type the IP address of your server
    Properties Tab, Protocol Settings: 987
  8. Click Add, and then click Submit.
  9. Repeat Step 7 and 8 for the following policies and ports:
    VPN, port 1723
    RDP, port 3389

Once the router is configured, open the Windows SBS Console, click Network, click Connectivity, and then click Connect to the Internet. The Windows SBS 2008 Connect to the Internet wizard will attempt to detect your router and configure your network.

Leave a Comment
  • Please add 3 and 4 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • Chay Wesley edited Revision 54. Comment: Removed the instruction to disable the uPnP functionality on the routers which do not support uPnP (Sonicwall and WatchGuard)

Page 1 of 1 (1 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • I thought we'd done away with the need for port 3389 with SBS 2008?

    blogs.technet.com/.../port-3389-remote-web-workplace-and-the-terminal-services-gateway.aspx

    or am i missing something?

  • 3389 for RDP. See: technet.microsoft.com/.../cc513968(WS.10).aspx

  • That article says that 3389 is additional, not required.

    "Additional ports for server services and applicationsThe following table lists additional ports that you must open only if you enable the Windows SBS 2008 service or application. The IP address of the server that is running Windows SBS 2008 is the forwarding address that you use when you set up the port."

    If you're going to connect to the server via RWW (or VPN then RDP) you don't need to open 3389 at all.

  • Could you show the manual configuration on an ASA 5505 via ASDM.  Cannot get past the CTIW on SBS 2008.

  • Chay Wesley edited Revision 54. Comment: Removed the instruction to disable the uPnP functionality on the routers which do not support uPnP (Sonicwall and WatchGuard)

Page 1 of 1 (5 items)