Firewall Configuration Requirements for Neverfail IT Continuity Engine v7.1 and Later


Summary

This Knowledgebase article provides information about firewall configuration requirements when installing Neverfail IT Continuity Engine v8.0 and later.  

More Information

When firewalls are used to protect networks, you must configure them to allow traffic to pass through specific ports for Neverfail Engine installation and management. If using Windows Firewall, Engine Management Service can automatically configure the necessary ports for traffic. If a firewall other than Windows Firewall is used, configure the following specific ports to allow traffic to pass through:

  • Ports 9727 and 9728 for managing Neverfail Engine from the Engine Management Service
  • Port 52267 for the Client Connection port
  • Port 57348 for the Default Channel port 

Important: When installing on Windows Server 2008 R2, Microsoft Windows may change the connection type from a Private network to an Unidentified network after you have configured the firewall port to allow channel communications. As a result, the previously configured firewall changes are reset for the new network type (Unidentified).

The firewall rules must be recreated to allow traffic to pass through for the Client Connection port and the Default Channel port. Neverfail recommends that the firewall be configured to allow the Client to connect to the Client Connection port by process (nfgui.exe) rather than by a specific port. To enable Channel communications between servers, change the Network List Manager Policy so that the Neverfail Channel network is identified as a Private Network rather than the default Unidentified Network, and configure the firewall to allow traffic to pass through on Port 57348, the Default Channel port.

If using Windows Firewall, Engine Management Service can automatically configure the necessary ports for traffic. If a firewall other than Windows Firewall is used, configure the following specific ports to allow traffic to pass through:

Firewalls

• From VMware vCenter Server -> Engine Management Service

- TCP 443 / Ephemeral port range

• From VMware vCenter Server -> The protected virtual machine

- TCP 443 / Ephemeral port range

• From Engine Management Service -> VMware vCenter Server

- TCP 443 / Ephemeral port range

• From Engine Management Service -> The protected virtual machine

- TCP 7 / 445 / 135-139 / 9727 / 9728 / Ephemeral port range

• From the Protected Virtual Machine -> Engine Management Service

- TCP 7 / 445 / 135-139 / 9727 / 9728 / Ephemeral port range

• From the Protected Virtual Machine -> VMware vCenter Server

- TCP 443 / Ephemeral port range

• From Protected Virtual Machines -> Protected Virtual Machines in Duo/Trio and back

- TCP 7 / 52267 / 57348 / Ephemeral port range

• From Management Workstation -> Protected Virtual Machines in Duo/Trio and back

- TCP 52267 / 57348 / Ephemeral port range

Note: The default dynamic ephemeral port range for Windows 2008 and 2012 is ports 49152 through 65535. 
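As an added example (not Neverfail code), the following Python script encodes the port matrix above and reports which required TCP ports a firewall rule set leaves uncovered for each flow. The zone names, the rule tuple format, and the reading of every listed value as a destination port to permit are assumptions; SAMPLE_RULES is constructed.

```python
# Added example: audit TCP allow rules against the flow matrix listed in this article.
# Zone names and the (src, dst, lo, hi) rule format are assumptions for this example.
EPHEMERAL = (49152, 65535)  # default Windows 2008/2012 dynamic range (see Note)

def ports(*spec):
    """Turn single ports into (lo, hi) ranges and append the ephemeral range."""
    return [p if isinstance(p, tuple) else (p, p) for p in spec] + [EPHEMERAL]

VCENTER = ports(443)
MGMT = ports(7, 445, (135, 139), 9727, 9728)
CHANNEL = ports(52267, 57348)
REQUIRED = {  # (source zone, destination zone) -> required destination port ranges
    ("vcenter", "ems"): VCENTER,
    ("vcenter", "protected_vm"): VCENTER,
    ("ems", "vcenter"): VCENTER,
    ("ems", "protected_vm"): MGMT,
    ("protected_vm", "ems"): MGMT,
    ("protected_vm", "vcenter"): VCENTER,
    ("protected_vm", "protected_vm"): ports(7, 52267, 57348),  # Duo/Trio peers
    ("mgmt_ws", "protected_vm"): CHANNEL,
    ("protected_vm", "mgmt_ws"): CHANNEL,  # "and back"
}

def gaps(required, allowed):
    """Return the parts of the required (lo, hi) ranges not covered by allowed."""
    missing = []
    for lo, hi in required:
        cur = lo  # lowest port in this range not yet known to be covered
        for a_lo, a_hi in sorted(allowed):
            if a_hi < cur or a_lo > hi:
                continue  # no overlap with the still-uncovered part
            if a_lo > cur:
                missing.append((cur, a_lo - 1))
            cur = max(cur, a_hi + 1)
        if cur <= hi:
            missing.append((cur, hi))
    return missing

def audit(rules):
    """Map each flow with uncovered ports to the list of missing ranges."""
    report = {}
    for flow, required in REQUIRED.items():
        allowed = [(lo, hi) for s, d, lo, hi in rules if (s, d) == flow]
        if (missing := gaps(required, allowed)):
            report[flow] = missing
    return report

SAMPLE_RULES = [  # constructed rule export: TCP 7 was forgotten in both flows
    ("ems", "protected_vm", 135, 139), ("ems", "protected_vm", 445, 445),
    ("ems", "protected_vm", 9727, 9728), ("ems", "protected_vm", 49152, 65535),
    ("protected_vm", "protected_vm", 52267, 52267),
    ("protected_vm", "protected_vm", 57348, 57348),
]
```

Calling `audit(SAMPLE_RULES)` returns only the flows that still have uncovered ports; an empty dictionary means every flow in the matrix is permitted.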

Applies To:

Neverfail IT Continuity Engine v7.0 and later

Related Information: 

None

 KBID-2907 
