London Dev Meetup Rescheduled! Due to unavoidable reasons, the event has been moved to 21st May. Speakers remain the same—any changes will be communicated. Seats are limited—register here to secure your spot!
London Dev Meetup Rescheduled! Due to unavoidable reasons, the event has been moved to 21st May. Speakers remain the same—any changes will be communicated. Seats are limited—register here to secure your spot!
Product version: |
EPiServer CMS 4.62 |
Document version: |
1.0 |
Document creation date: |
07-06-2006 |
Document last saved: |
05-10-2007 |
This technical note describes how to configure and set up firewalls that will carry traffic between different servers used by EPiServer CMS.
Using DNS for Name Resolution
Authentication against LDAP Authentication against Windows Domain Using Microsoft SQL ServerThis is a worst-case scenario, where a firewall separates the EPiServer CMS Web server from all other servers that we want to communicate with. It might not be a realistic example, but it illustrates all the firewall configurations that may be required. Note that the arrows are drawn so as to illustrate the source (arrow tail) and destinations (arrow head) as described in the text.
If any of the servers that you are communicating with is referenced with the DNS name rather than the server's IP address, you need to allow for DNS communication from the EPiServer CMS Web server to the DNS server. Open for DNS according to the DNS service description below.
If you are authenticating with forms-based logon, you only need to open for the LDAP service (see below) from EPiServer CMS Web server to the LDAP server.
Note If you enter the LDAP server name as an IP address, you do not need to open up for DNS name resolution. In an Active Directory configuration, you may receive several server references when asking for an LDAP server. Be sure to allow for LDAP communication to all those servers.
If you are using Windows Integrated logon (which may be combined with LDAP authorization in an Active Directory scenario), you will also need to open the firewall as described in Authentication against Windows Domain.
When using Windows Integrated logon for authentication, the EPiServer CMS Web server needs to communicate with a Windows Domain Controller, unless you are logging on with a Windows account that is local to the Web server. Open the firewall for Windows Authentication as described below.
When using Microsoft SQL Server installed on a separate server, you need to allow for TDS communication. Open the firewall for SQL Server communication as described in Service Definitions below.
When using Oracle Database Server, you need to open the firewall according to the Oracle server definition below.
The following definitions of the different services have been used during our testing.
LDAP
DNS
SQL Server
Oracle Server
Windows Authentication
Note that the Windows Domain Authentication scheme relies heavily on SMB traffic and also does dynamic end-point mapping. This makes it necessary to open up a lot of ports/traffic in a firewall to allow Windows Authentication to work properly.