I am attempting to get APC's software working on my network. I am running a DMZ environment and I will need the network card in the SmartUPS, which is connected to my secure LAN, to communicate with the servers in my DMZ.
I have contacted APC and they have told me that port 3052 TCP needs to be open and ports 80, 160, and 161 UDP need to be open. I have tried with no success to get this to function. Can someone please provide me with a list of steps that should be taken to open these ports appropriately? Instead of me trying to explain everything I've tried, I think it would be easier if someone who worked with ISA every day were to post their recommendation.
So, the first important step is to know if this is an inbound or outbound issue. For inbound you need to create server publishing rules. For outbound you need to configure the necessary protocol and site & content rules. Also, it might be necessary to first create the protocol definitions.
What have you tried so far? Please post *exact* info!
Alright, well I have created the protocol a few different ways in ISA. I first set up a protocol with the following specs: 3052 TCP Outbound; 3052 TCP Inbound; 80 UDP Receive/Send; 80 UDP Send/Receive; 160-161 UDP Receive/Send; 160-161 UDP Send/Receive.
I have also tried setting this protocol up specifying 160 and 161 rules separately. Using these protocols, I set up a Server Publishing Rule to route traffic to the internal IP address of the Network Management Card. Neither of these was successful in allowing the program to communicate through ISA.
Next I tried setting up two protocols, one for outbound and one for inbound. So outbound had: 3052 TCP Outbound; 80 UDP Send/Receive; 160-161 UDP Send/Receive. And inbound had: 3052 TCP Inbound; 80 UDP Receive/Send; 160-161 Receive/Send. And I set up a server publishing rule using the inbound protocol and a Protocol rule for the outbound protocol. Again, this method did not allow the program to communicate through the firewall.
I'm fairly familiar with ISA now, and I really was sure I could get this set up correctly... but I guess I must have missed something. APC simply isn't any help. They say that if I can open the ports, then it will work. Other than that they can't help me.
If there is nothing more I can try that anyone can recommend, how about some more information as to how I would test to see if these ports are actually open. I have tried using HyperTerminal from a machine outside of ISA to connect to the external IP of the ISA at port 3052. This SHOULD route the request to the Network Management Card in the UPS. HyperTerminal reads "Connected" for exactly one second and then disconnects. I don't know if that means it's actually getting through for a second, or if ISA takes that long to reject the connection.
If the vendor can't give you exact info then you should not use their products or be willing to find it out yourself!
I suggest you record a session with your favorite Sniffer (check out http://www.ethereal.com for a free one) on a workstation placed outside of ISA. Then sit back and thoroughly analyze the recording. You should be able to find out which TCP/UDP ports are used and in which direction.
With that knowledge you can then configure the correct protocol definitions, protocol and site & content rules and/or publishing rules. To test them out, check out http://www.isatools.org. You'll find there an excellent Winsock Tool.
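The TCP test discussed in this thread, as an added example that is not part of any post: a small Python probe that separates the outcomes the posters describe, a refused connection (Winsock error 10061), a connection that is accepted and then closed, and one that stays open. The function names, state labels and loopback stand-in listeners are constructed for illustration; point `probe_tcp` at your own published address and port.

```python
import socket
import threading
import time

def probe_tcp(host, port, hold=2.0, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"      # RST came back (Winsock error 10061)
    except socket.timeout:
        return "filtered"     # SYN went unanswered, silently dropped
    except OSError:
        return "unreachable"  # routing or ICMP error
    with s:
        s.settimeout(hold)
        try:
            data = s.recv(1)  # b"" means the peer closed the connection
        except socket.timeout:
            return "open"     # handshake done and the peer kept the socket
        except ConnectionResetError:
            return "dropped"
        return "open" if data else "dropped"

def local_listener(hold_for):
    """Constructed stand-in: accept one client, hold it, then close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        time.sleep(hold_for)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Run the probe against three constructed loopback cases."""
    unused = socket.socket()          # bound but never listening
    unused.bind(("127.0.0.1", 0))
    results = {
        "refused": probe_tcp("127.0.0.1", unused.getsockname()[1]),
        "dropped": probe_tcp("127.0.0.1", local_listener(0.0), hold=1.0),
        "open": probe_tcp("127.0.0.1", local_listener(1.0), hold=0.3),
    }
    unused.close()
    return results

if __name__ == "__main__":
    print(demo())
```

A "dropped" result means the TCP handshake completed and the far side then closed the socket; a packet capture on both sides of the firewall shows which device sent the close.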
PowerChute Network Shutdown utilizes the following TCP/IP ports: 3052, 80, 161 and 162. However, currently APC PowerChute Network Shutdown (PCNS) does not support MS ISA 2004. Using PCNS with this operating system will result in an incompatibility issue with the OS.
If you have any further queries, please feel free to contact us.
Sounds like they were about as much help to you as they were for me. First off, in their response they refer to ISA 2004 as an operating system. hmm... second they didn't specify AT ALL how to open those ports.
*sigh*... well, my solution is to purchase a 2nd Network Card for my SmartUPS and set up one NIC on my Internal Network and the 2nd NIC on my DMZ. Wish me luck.
I have also installed the APC Network Management Card on our W2K/ISA2000 Server Farm. I was able to assign an IP address and access the Network Card and the management software but have been unable to access the PowerChute Network Shutdown Software. To access this configuration GUI you are asked to enter http://127.0.0.1:3052 on the local machine. The error message is 10061 Connection Refused. My guess is that the request is not being sent to the local machine, but I am not sure how to keep the request at the local machine. Any ideas?
RE: APC Powerchute Network Shutdown Communication - 18.Aug.2005 11:32:00 AM
And why is the APC daemon at http://www.apcupsd.org superior to Windows' built-in UPS support? I gave up on Powerchute because it wouldn't add a configuration, and decided that the built-in UPS support was sufficient. It can hibernate the system when 10% or less battery power is available, shut down if 3% is reached. Good enough for me.
Anyone get Network Shutdown working on ISA? I sent a support request to APC and they told me the same crap about Microsoft ISA 2004 being an Operating System they don't support. When I use Network Monitor or the ISA Monitoring feature, all I see blocked is the broadcast packets sent to UDP 3052 from the APC device. I don't see any communications from UDP ports 160-161 logged in ISA monitor. This issue has been around for a long time. Has nobody found a solution or are we just pointing fingers at APC?
spouseele - Can you think of any better battery backup products with network shutdown capabilities that work with ISA? The product seems pretty good to me besides this downfall. Maybe I just need to connect ISA to the APC Symmetra unit via serial cable.