Windows Firewall Configuration for Dermi Atlas Professional

Automatic Configuration

Dermi Atlas Manager configures the required Windows Defender Firewall rules automatically using netsh advfirewall each time the Dermi Atlas Professional stack is started. When this step succeeds, no further configuration is required.

The automatic configuration step runs during initial installation, on every system start, on every system restart, and after backup or restore operations. Each cycle uses a delete-and-recreate approach, so the rules always match the currently configured ports. Manual modifications to a DERMI_ATLAS_* rule will be replaced on the next start.

The auto-created rules are named with the prefix DERMI_ATLAS_ followed by the port identifier. The default rule set includes:

• DERMI_ATLAS_WEBAPP_HTTP_PORT (HTTP, default port 15015)
• DERMI_ATLAS_WEBAPP_HTTPS_PORT (HTTPS, default port 15045)
• DERMI_ATLAS_WEBSOCKET_WS_PORT (WebSocket, default port 15815)
• DERMI_ATLAS_WEBSOCKET_WSS_PORT (Secure WebSocket, default port 15845)
• DERMI_ATLAS_GATEWAY_PORT (certificate management, default port 15000). This port hosts the certificate /download, /status, and /health endpoints, so it must be reachable for certificate distribution.

Each rule is inbound, TCP, and applies to the Domain, Private, and Public profiles.

The fallback procedures in the remainder of this guide apply when automatic rule creation does not succeed, such as in environments with restricted accounts, denied User Account Control prompts, or systems governed by Group Policy.

Allowing Dermi Atlas Manager

Windows usually displays a network access prompt when Dermi Atlas Manager is launched for the first time.

Action: Select Allow access for both Private and Public networks.

Verifying Settings

Dermi Atlas Manager can register two distinct types of firewall configuration: an application rule created when Windows prompts for network access on first launch, and the five port-based inbound rules created automatically via netsh on every start. Each type is inspected through a different interface.

Application Rule

1. Open Windows Security.
2. Go to Firewall & network protection => Allow an app through firewall.
3. Click Change settings (administrator privileges required).
4. Find Dermi Atlas Manager in the list. The executable is Dermi Atlas Manager.exe, installed by default to C:\Program Files\Dermi Atlas Manager\.
5. Ensure both Private and Public boxes are checked.
6. Click OK.

Port Rules

The DERMI_ATLAS_* port rules are created via netsh and do not appear in the Allow an app through firewall list. They must be inspected through Windows Defender Firewall with Advanced Security or via PowerShell.

1. Open Windows Defender Firewall with Advanced Security (run wf.msc).
2. Select Inbound Rules in the left navigation pane.
3. Sort by Name and look for entries beginning with DERMI_ATLAS_.
4. Confirm that each entry shows Enabled, action Allow, and protocol TCP.

The same check can be performed from PowerShell:

# List all Dermi Atlas firewall rules
Get-NetFirewallRule -DisplayName "DERMI_ATLAS_*" |
    Select-Object DisplayName, Enabled, Direction, Action |
    Format-Table -AutoSize

Running Dermi Atlas Manager as Administrator

The automatic configuration step uses netsh advfirewall, which requires administrator privileges. When Dermi Atlas Manager is launched as a standard user, the child process that runs netsh inherits the same privilege level and cannot modify firewall rules. Relaunching Dermi Atlas Manager as an administrator and restarting the Dermi Atlas Professional stack from inside the elevated session is typically sufficient to apply the rules without manual intervention.

1. Close Dermi Atlas Manager if it is currently running.
2. Locate the Dermi Atlas Manager shortcut, or the executable at C:\Program Files\Dermi Atlas Manager\Dermi Atlas Manager.exe.
3. Right-click the shortcut or executable and select Run as administrator.
4. Accept the User Account Control prompt.
5. From the Dermi Atlas Manager interface, restart the Dermi Atlas Professional stack so that the automatic configuration step runs with administrator privileges.
6. Re-verify the DERMI_ATLAS_* rules using the Port Rules steps above.

If the rules still do not appear after the restart, the manual procedures in the remaining sections can be used instead.

Creating Manual Inbound Rules

If running Dermi Atlas Manager as administrator does not resolve the issue, the required ports can be opened manually through Windows Defender Firewall with Advanced Security. Dermi Atlas Manager uses TCP for all five ports, so no UDP rules are required.

1. Open Windows Defender Firewall with Advanced Security.
2. Select Inbound Rules => New Rule.
3. Select Port and click Next.
4. Select TCP and enter the required ports. The default values are 15015, 15045, 15815, 15845, and 15000 (the gateway certificate management port).
5. Click Next.
6. Select Allow the connection.
7. Apply the rule to the Domain, Private, and Public profiles.
8. Name the rule (for example, Dermi Atlas Professional) and click Finish.

Using PowerShell

The following commands must be executed from a PowerShell session opened as Administrator:

# Allow HTTP (adjust port if needed)
New-NetFirewallRule -DisplayName "Dermi Atlas Professional - HTTP (15015)" -Direction Inbound -Protocol TCP -LocalPort 15015 -Action Allow

# Allow HTTPS (adjust port if needed)
New-NetFirewallRule -DisplayName "Dermi Atlas Professional - HTTPS (15045)" -Direction Inbound -Protocol TCP -LocalPort 15045 -Action Allow

# Allow WebSocket (adjust port if needed)
New-NetFirewallRule -DisplayName "Dermi Atlas Professional - WS (15815)" -Direction Inbound -Protocol TCP -LocalPort 15815 -Action Allow

# Allow Secure WebSocket (adjust port if needed)
New-NetFirewallRule -DisplayName "Dermi Atlas Professional - WSS (15845)" -Direction Inbound -Protocol TCP -LocalPort 15845 -Action Allow

# Allow Gateway certificate management (adjust port if needed); serves the certificate /download, /status, and /health endpoints
New-NetFirewallRule -DisplayName "Dermi Atlas Professional - Gateway (15000)" -Direction Inbound -Protocol TCP -LocalPort 15000 -Action Allow