Firewall Checker; parallelize check of ports 9000-9500

Discussion in 'Ideas' started by John Ranger, Oct 18, 2017.

Firewall Checker; parallelize check of ports 9000-9500 3 5 1votes
3/5, 1 vote

  1. John Ranger

    Joined:
    Jan 14, 2017
    Messages:
    23
    Likes Received:
    8
    Hi all,

    I am currently running the Firewall checker against our V15.5 3CX PBX and it takes about 3/4 of a Minute for each port to check (they all pass fine).

    For the 500 ports this will take 0.75*500= 6.5h during this time our PBX will be offline.

    Why not simply open up 500 parallel threads and check all those ports at once? Takes surely only 2-3 minutes to check all ports instead of doing this sequencial.

    This should be extremely easy to be implemented - from my technical Point of view.

    With Kind regards,

    John
     
  2. Silly English Kniggit

    Joined:
    Sep 13, 2017
    Messages:
    220
    Likes Received:
    81
    It should not take anything like that long! 5 mins is typical, 10 mins is a long time.
    I don't know why it should take this long for you - perhaps something in your firewall setup? Perhaps the 3CX STUN server was under heavy load.

    I agree with the principle - but I can see that some firewalls might lock down if 3CX suddenly opened up all those threads in parallel?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. John Ranger

    Joined:
    Jan 14, 2017
    Messages:
    23
    Likes Received:
    8
    As Long as all to-be-scanned ports are configured to be open and passed through to an internal machine, a Firewall - by principle - never must shut down communications. How otherwise shall the proper communication through the Firewall be accomplished? The Firewall does not know how many ports an app Needs between source and Destination...

    So my Suggestion would be to make it a choise to do the scan in parallel or in sequence. With that the 3cx admin can work around either the Problem with slow scanning or should really a Firewall cut the communication because of too much ports opened at the same time.

    With Kind regards,

    John