Q

PC Anywhere through the firewall

I want to set up PC Anywhere on my computer so that I can manage it from home when I'm not available. I need to know how to set it up when I have a Raptor Firewall. How do I get through the firewall? The version of firewall I have doesn't have VPN capabilities, so this is the next best thing I can use over the Internet.
There are two solutions to this, depending on how your Internet connection is configured. For any solution to work you must have access to the firewall rules and be able to change them. PC Anywhere does allow translated IP addresses.

The first solution is straightforward. You should setup and static NAT translation rules that maps your inside IP address (your workstation) to an outside address, and rule that allows port numbers 5631 and 5632 to the inside address. PC Anywhere is a dynamic conversation and this will dynamically allocate port numbers as required so you also need to set the rule to allow established connections. For example, let's say you machine is 10.10.10.10, and you have a spare public address of 203.203.203.1. Set a static NAT inbound translation so that connections coming in on 203.203.203.1 are translated to 10.10.10.10. You then set up a rule that only allows traffic for ports 5631 and 5632 to cross the inbound translation. Voila, job done.

For many Internet connections, you may not have a spare IP address on the outside, in this case you have to configure port address translation. This is the same as the example above, except you will have to use an address that is already used for other services. Then you are translating ports to an inside IP address and this is known as Port Address Translation. This is explained in more detail in the Raptor manual.

A few notes and gotchas:

Sometimes the port numbers for PC Anywhere change, depending on version. You can find a list of ports numbers that PC Anywhere uses by default here: http://service1.symantec.com/SUPPORT/pca.nsf/pfdocs/1998122810210812

I would strongly recommend that you do NOT use the default port numbers. You can change the port numbers used somewhere inside PC Anywhere; contact Symantec if you need help. Imagine I were a hacker and did a port scan on your firewall, saw a response from 5631 and 5632, I know what I would be doing next?.. and then I would know what you have been doing.

Symantec Raptor has large number of patches. It is a well known issue that you must keep the patches up to date if you are installing something -- mysterious things happen on Raptor systems and the patches always fix them. Have them ready when you go to configure this.

You should also go to some lengths to set up good security on your PC Anywhere host. PC Anywhere supports encrypted passwords and encrypted traffic flows, but you must configure it to do so. Take some time and read the manuals on this. Note: there is a possibility that encrypted traffic flows will break the NAT process; look out for it when you are testing.


This was first published in May 2001

Dig deeper on Network Security Best Practices and Products

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close