Firewalls › Examples of Typical Firewall Scenarios › Example - Application Tier deployed on a Separate Network › Configure an Application Tier Deployed on a Separate Network
Configure an Application Tier Deployed on a Separate Network
To configure an application tier deployed on a separate network
- These communication requirements apply to this example:
- The web application server that hosts the BusinessObjects Enterprise SDK must be able to initiate communication with the CMS on both of its ports.
- The web application server that hosts the BusinessObjects Enterprise SDK must be able to initiate communication with every BusinessObjects Enterprise server.
- The browser must have access to the http or the https Request Port on the Web Application Server.
- The web application server must communicate with all Business Objects Enterprise servers on computer boe_2 and boe_3. Configure the port numbers for each server on these computers. Note that you can use any free port between 1,025 and 65,535.
The port numbers chosen for this example are listed here:
- Central Management Server
-
6411
- Input File Repository Server
-
6415
- Output File Repository Server
-
6420
- Event Server
-
6425
- Crystal Reports Job Server
-
6435
- Program Job Server
-
6440
- Destination Job Server
-
6445
- List of Values Job Server
-
6450
- Web Intelligence Job Server
-
6455
- Web Intelligence Report Server
-
6460
- Report Application Server
-
6465
- Crystal Reports Page Server
-
6470
- Configure the firewalls Firewall_1 and Firewall_2 to allow communication to the fixed ports on the BusinessObjects Enterprise servers and the web application server that you configured in the previous step. Note that port 6400 is the default port number for the CMS Name Server Port and did not need to be explicitly configured.
In this example we are opening the HTTP Port for the Tomcat Application server.
Configuration for Firewall_1:
|
Port
|
Destination Computer
|
Port
|
Action
|
|
Any
|
boe_1
|
8080
|
Allow
|
Configuration for Firewall_2:
|
Source Computer
|
Port
|
Destination Computer
|
Port
|
Action
|
|
boe_1
|
Any
|
boe_2
|
6400
|
Allow
|
|
boe_1
|
Any
|
boe_2
|
6411
|
Allow
|
|
boe_1
|
Any
|
boe_2
|
6415
|
Allow
|
|
boe_1
|
Any
|
boe_2
|
6420
|
Allow
|
|
boe_1
|
Any
|
boe_2
|
6425
|
Allow
|
|
boe_1
|
Any
|
boe_3
|
6435
|
Allow
|
|
boe_1
|
Any
|
boe_3
|
6440
|
Allow
|
|
boe_1
|
Any
|
boe_3
|
6445
|
Allow
|
|
boe_1
|
Any
|
boe_3
|
6450
|
Allow
|
|
boe_1
|
Any
|
boe_3
|
6455
|
Allow
|
|
boe_1
|
Any
|
boe_3
|
6460
|
Allow
|
|
boe_1
|
Any
|
boe_3
|
6465
|
Allow
|
|
boe_1
|
Any
|
boe_3
|
6470
|
Allow
|
- This firewall is not NAT-enabled, so the hosts file does not need to be configured.
Copyright © 2010 CA.
All rights reserved.
|
|