To the knowledge base

Configuring a firewall for FRITZ!VPN

The FRITZ!VPN software allows you to establish a secure VPN (Virtual Private Network) connection over the internet to your FRITZ!Box and access all of the devices and services in the home network of your FRITZ!Box.

If the computer with FRITZ!VPN is protected by a firewall on the computer or an upstream router, you may have to open ports and enable IP protocols in the firewall that are required by FRITZ!VPN before you can establish a VPN connection:

1 Configuring the firewall

By default, the settings required for FRITZ!VPN are enabled in all FRITZ!Boxes and do not have to be configured manually. Make sure that any additional firewalls on the computer or an upstream router are also set up for FRITZ!VPN:

  1. Configure the firewall to allow incoming and outgoing connections for the following ports and IP protocols:
    • UDP port 53 (DNS)
    • UDP port 500 (ISAKMP)
    • UDP port 4500 (NAT traversal)
    • ESP ("Encapsulated Security Payload", IP protocol number 50)

      Note:The option for enabling the ESP protocol is often also called "IPsec Passthrough". You can find information on how to configure it in the manual, or consult the manufacturer of the firewall or router directly.