Hello, I am trying to set up a new firewall (pfSense) and trying to include all of the rules that I need for Aloha while still being PCI compliant. There was a post prior that listed some general rules, but it doesn't seem complete. I also have an export from an NCR WatchGuard, but the XML is just a mess considering that they reshape In/Out rules with types, etc. I also have the .bat file for Windows Firewall, but that seems to be just for incoming ports and some application allowances.
I was wondering if anyone has a complete list of rules that need to be added or blocked. Or if someone is using pfSense as their firewall solution, maybe you can export your rule set, purge any private information and share?
I would appreciate any help, and if worst comes to worst, if we can all contribute some rules/settings we will have a resource for the future.
Thanks.
Here is the .bat for the Windows 7 netsh commands.
I can also post the WatchGuard XML if requested.
REM Windows Firewall (netsh advfirewall) host-level exceptions for NCR Aloha components.
REM Every rule is dir=in: it opens a listening port or program on the BOH/terminal itself.
REM Outbound connections are not restricted here; the Windows Firewall default profile allows them.
REM %iberdir% (Aloha install dir) and %ATGDIR% (Transaction Gateway install dir) must be set first.
REM Several ports (80, 443, 8080, 11000-11002, 12345/12346, 49215, 8899, 9801) appear again under
REM more than one component; netsh adds a second identical rule rather than merging them.
echo ******************************RAL Port exception*************************************************
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 11000 name = RAL_UDP_11000
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 11001 name = Aloha_RAL_UDP_Listen_11001
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 11002 name = Aloha_RAL_UDP_Send_11002
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 11000 name = Aloha_RAL_TCP_11000
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 11001 name = Aloha_RAL_TCP_Listen_11001
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 11002 name = Aloha_RAL_TCP_Send_11002
echo ******************************ACL Port exception*************************************************
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 49214 name = ACL_UDP_49214_BaseLocalportDiscovery
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 49215 name = ACL_TCP_49215_FrontOfHouse_TCP
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 49216 name = ACL_UDP_49216_FrontOfHouse_UDP
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 49217 name = ACL_DCP_49217_Discovery_DCP
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 49218 name = ACL_TCP_49218_CtlSvr_TCP
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 49219 name = ACL_UDP_49219_CtlSvr_UDP
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 49221 name = ACL_TCP_49221_RFS_TCP
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 49222 name = ACL_UDP_49222_RFS_UDP
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 12345 name = ACL_UDP_Multicast_Discovery_HelloLocalport
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 12346 name = ACL_UDP_Multicast_Discovery
echo ******************************XCom Port exception*************************************************
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 49214 name = Aloha_XCom_TCP_49214
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 49215 name = Aloha_XCom_TCP_49215
echo ******************************Aloha CAP Port exception*************************************************
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 8194 name = Aloha_CAP_TCP_8194
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 8194 name = Aloha_CAP_UDP_8194
echo ******************************ALOHA KITCHEN Port exceptions**************************************
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9088 name = AK_Interface_TCP_9088
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 11011 name = AK_Broadcast_Mgr_UDP_11011
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 13555 name = AK_File_Sharing_TCP_13555
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9090 name = AK_9999_TCP_9090
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 1221 name = AK_Databus_Discovery_UDP_1221
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 1222 name = AK_Databus_Comm_TCP_1222
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 1333 name = AK_Databus_Discovery_UDP_1333
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 14770 name = AK_Instance_TCP_14770
echo ******************************ALOHA ENGINE DATABUS Port exceptions*******************************
REM NOTE: the rule opens 8019 but its name says 9018; verify the intended port before relying on it.
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 8019 name = ALERT_ENGINE_DATABUS_TCP_9018
echo ******************************ALOHA TAKEOUT Port exceptions**************************************
REM TCP 8020 (listed twice in the original as ATO_TCP_8020 and ATO_HTTP_8020) needs only one rule.
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 8020 name = ATO_TCP_8020
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9020 name = ATO_HTTP_9020
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 8021 name = ATO_TCP_8021
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9021 name = ATO_TCP_9021
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 8020 name = ATO_UDP_8020
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 8021 name = ATO_UDP_8021
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9600 name = ATO_TCP_9600_AKInterface
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 10550 name = ATO_TCP_10550_InterceptRemoting
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 10551 name = ATO_TCP_10551_InterceptRemoting
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 21769 name = ATO_UDP_21769_ServiceDiscoveryLocalport
echo ******************************ALOHA ONLINE Port and IP exceptions**************************************
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 8082 name = AOO_TCP_8082
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 80 name = AOO_HTTP_80
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 443 name = AOO_TCP_443
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9080 name = AOO_TCP_9080
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 8888 name = AOO_TCP_8888
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 4430 name = AOO_UDP_4430
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 9888 name = AOO_UDP_9888
REM A remoteip rule with no protocol/localport/program restriction allows ALL inbound traffic from
REM that address. Add protocol= and localport= where the vendor documents them.
netsh advfirewall firewall add rule dir = in action = allow remoteip = 206.123.121.25 name = AOO_IP
echo ****************************Aloha POS Port and Program exceptions********************************
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 135 name = Aloha_TCP_135
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 135 name = Aloha_UDP_135
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 445 name = Aloha_TCP_RFS_445
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 445 name = Aloha_UDP_RFS_445
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 60050 name = Aloha_TCP_RFS_60050
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 60050 name = Aloha_UDP_RFS_60050
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 12345 name = Aloha_UDP_RFS_12345
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 12346 name = Aloha_UDP_RFS_12346
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\BIN\CTLSvr.exe name = Aloha_CTLSv_Program
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\BIN\EdcSvr.exe name = Aloha_EDCSvr_Program
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\BIN\RFSSvr.exe name = Aloha_RFSSvr_Program
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\BIN\IberQS.exe name = Aloha_IBERQS_Program
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\BIN\Iber.exe name = Aloha_IBER_Program
echo ****************************Aloha EDC Port exceptions********************************
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 443 name = Aloha_TCP_EDC_443
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 443 name = Aloha_UDP_EDC_443
echo ****************************NCR Aloha Transaction Gateway Port and Program exceptions********************************
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 8899 name = Aloha_TCP_ATG_8899
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 8899 name = Aloha_UDP_ATG_8899
netsh advfirewall firewall add rule dir = in action = allow program = %ATGDIR%\ATG\Bin\AlohaTransactionGateway.exe name = Aloha_ATG_Program
netsh advfirewall firewall add rule dir = in action = allow program = %ATGDIR%\ATG\Bin\ATGHelperService.exe name = Aloha_ATG_Helper_Program
echo ****************************Command Center Port and Program exceptions***************************
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\RDF\pvnc.exe name = CMC_pvnc_Program
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\ftp\pollcheck.exe name = CMC_Heartbeat_Program
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\ftp\hbproxy.exe name = CMC_HBProxy_Program
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\rdf\hbprint.exe name = CMC_HBPrint_Program
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\rdf\cmcproxy.exe name = CMC_Proxy_Program
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\bin\hbutil.exe name = CMC_HBUtil_Program
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9151 name = CMC_RDF_Term_Relay
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9150 name = CMC_RDF_Term_Server
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9157 name = CMC_RDF_Term_Transfer
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 11000 name = CMC_TCP_11000
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 11001 name = CMC_UDP_11001
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 11002 name = CMC_UDP_11002
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9200 name = CMC_UVNC
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 9200 name = CMC_UVNC2
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9201 name = CMC_UVNCt1
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 9201 name = CMC_UVNCt1a
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9202 name = CMC_UVNCt2
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 9202 name = CMC_UVNCt2a
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9203 name = CMC_UVNCt3
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 9203 name = CMC_UVNCt3a
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9204 name = CMC_UVNCt4
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 9204 name = CMC_UVNCt4a
REM NOTE: t5 through t10 below all repeat port 9204, which CMC_UVNCt4/CMC_UVNCt4a already open, and
REM the TCP/UDP name suffixes are swapped from t6 on. Verify the intended port for each terminal;
REM as written these lines add nothing beyond the t4 rules.
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9204 name = CMC_UVNCt5
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 9204 name = CMC_UVNCt5a
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9204 name = CMC_UVNCt6a
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 9204 name = CMC_UVNCt6
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9204 name = CMC_UVNCt7a
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 9204 name = CMC_UVNCt7
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9204 name = CMC_UVNCt8a
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 9204 name = CMC_UVNCt8
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9204 name = CMC_UVNCt9a
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 9204 name = CMC_UVNCt9
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9204 name = CMC_UVNCt10a
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 9204 name = CMC_UVNCt10
echo ***********************Aloha Insight Ports and Program exceptions**********************
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\ftp\AlohaFTP.exe name = Aloha_Insight_FTP_Program
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\ftp\Alohas.exe name = Aloha_Insight_Alohas_Program
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 20 name = Aloha_Insight_FTP_Download
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 21 name = Aloha_Insight_FTP_Download
REM TCP 80 and 8080 were each listed twice for PollCheck in the original; one rule per port is enough.
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 80 name = Aloha_Insight_PollCheck_80_http
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 8080 name = Aloha_Insight_PollCheck_8080_http
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 443 name = Aloha_Insight_PollCHeck_443
echo ***********************Aloha Loyalty Ports exceptions**********************
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9099 name = Aloha_Loyalty_TCP_9099
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9999 name = Aloha_Loyalty_TCP_9999
netsh advfirewall firewall add rule dir = in action = allow remoteip = 206.123.121.92 name = Aloha_Loyalty_IP
echo ***********************Aloha Guest Manager Ports exceptions**********************
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 8095 name = AGM_TCP_8095
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 443 name = AGM_TCP_443
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 22769 name = AGM_UDP_22769
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9149 name = AGM_TCP_9149
echo ***********************Aloha Stored Value Ports and Program exceptions**********************
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\ftp\VBODiag.exe name = Aloha_Stored_Value_VBODiag_Program
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\ftp\StoredValue.Boh.App.exe name = Aloha_Stored_Value_BoH_Program
netsh advfirewall firewall add rule dir = in action = allow program = %iberdir%\ftp\StoredValue.BoH.UpdateService.exe name = Aloha_Stored_Value_Update_Program
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 80 name = Aloha_Stored_Value_HTTP_80
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 8080 name = Aloha_Stored_Value_HTTP_8080
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 443 name = TCP_443_Aloha_Stored_Value
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 8084 name = TCP_8084_Aloha_Stored_Value
REM ecard.alohaenterprise.com and vbo.alohaenterprise.com were both listed against 206.123.121.91;
REM one address needs only one rule (again unrestricted by protocol/port: all inbound from that host).
netsh advfirewall firewall add rule dir = in action = allow remoteip = 206.123.121.91 name = ecard_vbo.alohaenterprise.com
echo ***********************Pulse Ports and IPs exceptions**********************
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9801 name = Pulse_9801
netsh advfirewall firewall add rule dir = in action = allow remoteip = 38.107.252.90 name = Pulse_IP1
netsh advfirewall firewall add rule dir = in action = allow remoteip = 206.123.121.88 name = Pulse_IP2
netsh advfirewall firewall add rule dir = in action = allow remoteip = 206.123.121.90 name = Pulse_IP3
echo ****************************Aloha Mobile Pay Port and IP exceptions********************************
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9801 name = Mobile_Pay_TCP_9801
netsh advfirewall firewall add rule dir = in action = allow remoteip = 206.123.121.88 name = Mobile_Pay_IP1
netsh advfirewall firewall add rule dir = in action = allow remoteip = 38.107.252.20 name = Mobile_Pay_IP2
netsh advfirewall firewall add rule dir = in action = allow remoteip = 38.107.252.90 name = Mobile_Pay_IP3
netsh advfirewall firewall add rule dir = in action = allow remoteip = 206.123.121.41 name = Mobile_Pay_IP4
echo ****************************Aloha Mobile Ports exceptions********************************
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 25000 name = Aloha_Mobile_UDP_25000
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 7788 name = Aloha_Mobile_TCP_ATG_7788
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 8898 name = Aloha_Mobile_TCP_8898
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 8899 name = ALOHA_MOBILE_TCP_8899
echo ****************************Level Up Ports********************************
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 9001 name = LevelUp_9001
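Before turning a host-firewall script like the one above into pfSense rules, it helps to inventory what the script actually permits rather than what its rule names say. The following is an added example, not code from the original post, from NCR or from pfSense: it parses `netsh advfirewall firewall add rule` lines, collapses duplicates, and flags the three things a reviewer scoping a PCI cardholder-data environment would want to see first: rules that allow a remote IP with no protocol/port/program restriction (every inbound service on the host becomes reachable from that address), rules that duplicate an earlier rule under a different name, and rules whose name disagrees with the port they open. The unique ports per protocol and the unique remote addresses it returns are what you would paste into pfSense port and host aliases. The `SAMPLE` script is constructed for the example (it copies the shape of a few lines from the batch file above); the function names and the alias grouping are this example's own.

```python
"""Inventory a netsh advfirewall 'add rule' script before writing pfSense rules.

Added example; not part of the original post or of any NCR/pfSense tooling.
"""
import re

_CMD = "netsh advfirewall firewall add rule"
# "key = value" or "key=value"; a value runs until the next "key =" token or end of line.
_KV = re.compile(r"(\w+)\s*=\s*(.*?)(?=\s+\w+\s*=|$)")


def parse_rule(line):
    """Return the parameters of one netsh 'add rule' line as a dict, or None for other lines."""
    line = line.strip()
    if not line.lower().startswith(_CMD):
        return None
    return {k.lower(): v.strip() for k, v in _KV.findall(line[len(_CMD):])}


def rule_key(rule):
    """What a rule permits, with the name excluded, so renamed duplicates still collide."""
    return (rule.get("dir", "").lower(), rule.get("action", "").lower(),
            rule.get("protocol", "any").upper(), rule.get("localport", "any"),
            rule.get("remoteip", "any"), rule.get("program", "").lower())


def inventory(script):
    """Parse a whole script; return (rules, findings). findings are reviewer strings."""
    rules, findings, seen = [], [], {}
    for lineno, line in enumerate(script.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        rules.append(rule)
        name = rule.get("name", "?")
        key = rule_key(rule)
        if key in seen:
            findings.append(f"line {lineno}: {name} duplicates line {seen[key]}")
        else:
            seen[key] = lineno
        # remoteip with no protocol/localport/program admits every inbound service
        # on the host from that address; PCI scoping wants that narrowed.
        if "remoteip" in rule and not any(k in rule for k in ("protocol", "localport", "program")):
            findings.append(f"line {lineno}: {name} allows all inbound traffic from {rule['remoteip']}")
        # a 4-5 digit number in the name that does not match the port actually opened
        port = rule.get("localport")
        named = set(re.findall(r"\d{4,5}", name))
        if port and named and port not in named:
            findings.append(f"line {lineno}: {name} opens port {port}, name says {'/'.join(sorted(named))}")
    return rules, findings


def port_aliases(rules):
    """Unique numeric inbound ports per protocol, in the form a pfSense port alias takes."""
    out = {}
    for r in rules:
        if "localport" in r and "protocol" in r and r["localport"].isdigit():
            out.setdefault(r["protocol"].upper(), set()).add(int(r["localport"]))
    return {proto: sorted(ports) for proto, ports in out.items()}


def remote_hosts(rules):
    """Unique remoteip values, in the form a pfSense host alias takes."""
    return sorted({r["remoteip"] for r in rules if "remoteip" in r})


# Constructed sample in the shape of the batch file above (not the full script).
SAMPLE = r"""echo ******************************RAL Port exception******
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 11011 name = AK_Broadcast_Mgr_UDP_11011
netsh advfirewall firewall add rule dir = in action = allow protocol = UDP localport = 11011 name = AK_Broadcast_Mgr_UDP_11011
netsh advfirewall firewall add rule dir = in action = allow protocol = TCP localport = 8019 name = ALERT_ENGINE_DATABUS_TCP_9018
netsh advfirewall firewall add rule dir = in action = allow remoteip = 206.123.121.25 name = AOO_IP
netsh advfirewall firewall add rule dir =in action = allow program = %iberdir%\BIN\Iber.exe name = Aloha_IBER_Program
"""

if __name__ == "__main__":
    parsed, notes = inventory(SAMPLE)
    print(f"{len(parsed)} rules parsed")
    for note in notes:
        print("  ", note)
    print("ports:", port_aliases(parsed))
    print("hosts:", remote_hosts(parsed))
```

Run it against the whole batch file (`inventory(open("aloha.bat").read())`) and the findings list will include the cross-section repeats (80, 443, 8080, 11000-11002, 12345/12346, 49215, 8899, 9801 and the repeated Pulse/Mobile Pay addresses) as well as the bare `remoteip` rules. On pfSense the equivalent of a bare `remoteip` allow is a rule with source = that host and destination port = any; prefer a rule per documented port, keep the default deny, and log the allow rules so the traffic can be reviewed during a PCI assessment.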