This Knowledgebase article provides information about installing Neverfail in an environment that incorporates firewalls.
When the network architecture incorporates firewalls, it is important to configure any firewalls to permit traffic via the configured TCP ports on the Neverfail Channel. The Neverfail Channel is used during installation for cloning operations and is used to carry data replication traffic during normal operation of Neverfail Heartbeat. Firewalls operating on the Neverfail Channel will prevent Neverfail Heartbeat from successfully installing.
The Neverfail Heartbeat Management Client uses ephemeral TCP ports. If the Neverfail Heartbeat Management Client is run from another computer (for example, not one of the protected servers), Neverfail recommends that it be on the same LAN subnet, where traffic through the TCP ephemeral ports is permitted.
Note: For more information about Neverfail Heartbeat and the use of ephemeral ports, see Knowledgebase article #1347 - Neverfail Client Connection Ports.
If the Neverfail Heartbeat Management Client cannot operate in the same subnet as the server cluster, Neverfail recommends that firewalls be configured to permit traffic based upon the Neverfail Heartbeat process rather than configuring for specific client connection ports.
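As an added illustration (not taken from the Neverfail Knowledgebase), the following shows what a process-based rule can look like on a protected server, compared with opening a range of ephemeral ports. It assumes the host firewall is Windows Firewall; the executable path, the management subnet and the rule name are placeholders, not values from this article.

```powershell
# Added example: program-scoped inbound rule instead of a port-range rule.
# ASSUMPTIONS (not from the article): Windows Firewall is the host firewall;
# $Program, $MgmtNet and $RuleName are placeholders to replace with real values.
$Program  = 'C:\PLACEHOLDER\NeverfailHeartbeat.exe'   # placeholder path
$MgmtNet  = '192.0.2.0/24'                            # constructed subnet (TEST-NET-1)
$RuleName = 'Neverfail Heartbeat - Management Client (by process)'

if (-not (Test-Path -LiteralPath $Program)) {
    throw "Executable not found: $Program. Set `$Program to the installed binary."
}

# Show who signed the binary, so the rule is tied to a known file and not only a path.
$sig = Get-AuthenticodeSignature -FilePath $Program
Write-Host ("Signature status: {0}  Signer: {1}" -f $sig.Status, $sig.SignerCertificate.Subject)

# Remove any earlier copy of the rule so that rerunning the script is idempotent.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Allow inbound TCP to this one program only, and only from the management subnet.
# No -LocalPort is given: the rule follows the process, whatever port it opens.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Action Allow -Protocol TCP `
    -Program $Program `
    -RemoteAddress $MgmtNet `
    -Profile Domain | Out-Null

# Read the rule back and confirm it is bound to the program and the subnet.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$app  = $rule | Get-NetFirewallApplicationFilter
$addr = $rule | Get-NetFirewallAddressFilter
[pscustomobject]@{
    Rule          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Program       = $app.Program
    RemoteAddress = $addr.RemoteAddress
}
```

Restricting the remote address matters here: a process-based rule with no address scope admits traffic to every port the process listens on from any network the profile covers.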
If a customer has a firewall client installed on the Primary server, it is advised that it should be:
- Disabled through the system tray icon BEFORE installation commences.
- Configured to pass all Neverfail traffic.
The firewall client will hinder operation of the Neverfail Channel and Neverfail Heartbeat Management Client.
In a WAN environment, firewalls residing on the network should be configured to pass packets on the Neverfail ports.
Please refer to Knowledgebase article #280 - 'Neverfail Heartbeat Management Client, Firewalls and Exchange' for more information on configuring firewalls with Neverfail installed.