on 06-10-2014 5:49 PM
Hi Expert,
I'm configuring a mobile solution based on Relay server, SMP 2.3, REx 3.2 and CRM server. I need some information/confirmation about the network ports I should open in my internal and external firewalls. Hereunder is reported the logical architecture and the ports that should be used:
Are the ports indicated correct? Do I have to consider further ports?
Any suggestion will be appreciated.
Thanks
g.
Tags edited by: Michael Appleby
Hi,
Not clear from the diagram which direction the ports are being opened for, but it doesn't look correct to me.
Based on implementation I have done for REX 3.2 with CRM these are the ports that should be opened.
IPAD -> Relay Server (INBOUND)
Port 443 should be open
Port 80 should only be open if you are not going to use SSL (not recommended)
Relay Server -> IPAD (OUTBOUND)
None required
Relay Server -> SMP (INBOUND)
None required. Using RSOE makes an outbound connection from SMP to Relay Server. Communication between the Relay Server and SMP is then always performed via this connection (just like Reverse Invoke).
SMP -> Relay Server (OUTBOUND)
Port 443 should be open if going to use SSL or
Port 80 should be open if not going to use SSL.
You should also have a port open for administration purposes (e.g. RDP port if it is a Windows server).
For example, you could use SSL from iPad to Relay Server (so open port 443) and non-SSL from SMP to Relay Server (so open port 80). Other combinations are possible. It depends on what your company security requirements are.
If SMP and CRM are on the same network (no firewalls between them) then you don't need to worry about the ports. If however there is, then:
SMP -> CRM (INBOUND)
Need to open ports for RFC Connection (SMP connects to CRM via JCO)
CRM -> SMP (OUTBOUND)
Port 8000 (non-SSL) for DCN.
Port 8001 ? (SSL) for DCN (not sure on this).
Of course if you have a firewall between your internal network and SMP then you will also need to open other ports like RDP (assuming Windows), SCC Port etc.
Thanks
Colin
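The direction rules in the answer above can be checked mechanically against a proposed firewall rule list. The following is an added example, not part of the original post or of any SAP tooling; the zone names (`device`, `relay`, `smp`) and the sample rules are constructed, and only the two flows around the Relay Server are modelled.

```python
# Added example: audits proposed firewall rules against the flows listed in
# the answer above. Zone names and sample rules are constructed assumptions.
from typing import NamedTuple

class Rule(NamedTuple):
    src: str   # zone that initiates the connection
    dst: str   # zone that accepts it
    port: int  # TCP destination port

# Flows from the answer: (initiator, acceptor) -> {port: uses_ssl}
ALLOWED = {
    ("device", "relay"): {443: True, 80: False},
    ("smp", "relay"): {443: True, 80: False},  # RSOE outbound connection
}

def audit(rules):
    """Return (rule, verdict) pairs: 'ok', 'cleartext' or 'not-required'."""
    findings = []
    for r in rules:
        ports = ALLOWED.get((r.src, r.dst), {})
        if r.port not in ports:
            verdict = "not-required"   # direction or port not in the answer
        elif ports[r.port]:
            verdict = "ok"
        else:
            verdict = "cleartext"      # port 80, only without SSL
        findings.append((r, verdict))
    return findings

def missing(rules):
    """Flows from ALLOWED that no proposed rule covers on any listed port."""
    covered = {(r.src, r.dst) for r in rules
               if r.port in ALLOWED.get((r.src, r.dst), {})}
    return sorted(set(ALLOWED) - covered)

# Constructed sample rule list for illustration.
PROPOSED = [
    Rule("device", "relay", 443),
    Rule("device", "relay", 80),
    Rule("relay", "smp", 8000),  # DMZ initiating into the internal network
    Rule("smp", "relay", 443),
]

if __name__ == "__main__":
    for rule, verdict in audit(PROPOSED):
        print(f"{rule.src:>6} -> {rule.dst:<6} tcp/{rule.port:<5} {verdict}")
    print("uncovered flows:", missing(PROPOSED))
```

The `relay -> smp` rule is reported as not required because, per the answer, the RSOE connection is initiated from SMP, so the internal firewall needs no rule that lets the DMZ open connections inward.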
If you're using Relay Server in your landscape, I don't believe you need all those ports opened. You seem to be missing the RSOE(s) in your diagram which makes an *outbound* connection to the Relay Server(s) in your DMZ. You may wish to take a look at this documentation:
Thanks,
Andrew.
The RSOE(s) typically make an outbound connection to your Relay Server(s) on port 80 or 443 only. Based on your configured FarmID, it comes back into the network on the required port (e.g. 5001, 8000, etc.). On the devices, you specify FarmID and port 80 or 443 to your Relay Server(s).
Thanks,
Andrew.
All the ports mentioned by you are correct and should be good for your architecture, I also suggest below ports:
1) 2000 - management port
2) 2001 - secure management port
Thanks,
Shiv
Thank you for your feedback Shiv.
I would like to understand if it's mandatory to open the ports 8000 and 8001 in the internal firewall. From my understanding, in my scenario, the port 8000 is used only by the CRM for data change notification purposes. Due to the fact that CRM and SMP are in the same network I don't need to open this port in the internal firewall. Is this correct? Is the port 8000 used for other purposes (for instance from the iPad)?
Thanks in advance for your collaboration.
BR
g.