Firewall Configuration Requirements for Neverfail IT Continuity Engine v7.1 and Later


Summary

This Knowledgebase article provides information about firewall configuration requirements when installing Neverfail IT Continuity Engine v8.0 and later.  

More Information

When firewalls are used to protect networks, you must configure them to allow traffic to pass through specific ports for Neverfail Engine installation and management. If using Windows Firewall, Engine Management Service can automatically configure the necessary ports for traffic. If a firewall other than Windows Firewall is in use, configure the following specific ports to allow traffic to pass through:

  • Ports 9727 and 9728 for managing Neverfail Engine from the Engine Management Service
  • Port 52267 for the Client Connection port
  • Port 57348 for the Default Channel port 

Important: When installing on Windows Server 2008 R2, Microsoft Windows may change the connection type from a Private network to an Unidentified network after you have configured the firewall port to allow channel communications. When this happens, the previously configured firewall changes are reset for the new network type (Unidentified).

The firewall rules must be recreated to allow traffic to pass through for the Client Connection port and the Default Channel port. Neverfail recommends that the firewall be configured to allow the Client to connect to the Client Connection port by process (nfgui.exe) rather than by a specific port. To enable Channel communications between servers, change the Network List Manager Policy so that the Neverfail Channel network is identified as a Private Network rather than the default Unidentified Network, and configure the firewall to allow traffic to pass through on Port 57348, the Default Channel port.
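The check-and-recreate step described above, as an added example that is not part of the original article or Neverfail's own tooling. It assumes Windows Server 2012 or later (these cmdlets are not available on Windows Server 2008 R2); the interface alias, peer address and rule names are placeholders.

```powershell
# Added example. Placeholders (not from the article): $ChannelAlias, $PeerAddress
# and the rule display names. Port numbers are the defaults the article lists.
$ChannelAlias = 'Channel'      # placeholder: NIC carrying the Neverfail Channel
$PeerAddress  = '192.0.2.10'   # placeholder: channel address of the other node
$Rules = @(
    @{ Name = 'Neverfail Default Channel (example)';   Port = 57348; Remote = $PeerAddress },
    @{ Name = 'Neverfail Client Connection (example)'; Port = 52267; Remote = 'Any' }
)

# The rules below are bound to the Private profile, so check the channel NIC first.
# An Unidentified network is normally placed in the Public category.
$netProfile = Get-NetConnectionProfile -InterfaceAlias $ChannelAlias
if ($netProfile.NetworkCategory -ne 'Private') {
    Write-Warning "Channel NIC category is '$($netProfile.NetworkCategory)', not Private; the rules below will not apply to it."
}

# Recreate any missing rule. The channel rule is limited to the peer node's
# address instead of opening port 57348 to every host on the segment.
foreach ($r in $Rules) {
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
            -Protocol TCP -LocalPort $r.Port -RemoteAddress $r.Remote -Profile Private |
            Out-Null
    }
}

# Report what is actually in effect, so a change of network category shows up.
Get-NetFirewallRule -DisplayName 'Neverfail * (example)' | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        LocalPort     = ($_ | Get-NetFirewallPortFilter).LocalPort
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
} | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on each Engine Server node, swapping the peer address accordingly.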

If using Windows Firewall, Engine Management Service can automatically configure the necessary ports for traffic. If a firewall other than Windows Firewall is in use, configure the following specific ports to allow traffic to pass through:

Firewalls

• From VMware vCenter Server -> Engine Management Service
– TCP 443 / 9727 / 9728 / Ephemeral port range
• From VMware vCenter Server -> Engine Server node
– TCP 443 / Ephemeral port range
• From Engine Management Service -> VMware vCenter Server
– TCP 443 / 9727 / 9728 / Ephemeral port range
• From Engine Management Client -> Engine Server node
– TCP 7 / 445 / 135-139 / 9727 / 9728 / Ephemeral Port Range
• From Engine Server node -> Engine Management Service
– TCP 7 / 445 / 135-139 / 9727 / 9728 / Ephemeral Port Range
• From Engine Server node -> VMware vCenter Server
– TCP 443 / Ephemeral port range
• From Engine Server node -> Engine Server node in Duo/Trio and back
– TCP 7 / 52267 / 57348 / Ephemeral port range or NFServerR2.exe (recommended)
• From Advanced Management Client -> Engine Server node in Duo/Trio and back
– TCP 52267 / 57348 / Ephemeral port range or NFServerR2.exe (recommended)

Note: The default dynamic ephemeral port range starting from Windows 2008 is from 49152 to 65535.

Applies To:

Neverfail IT Continuity Engine v7.0 and later

Related Information: 

None

 KBID-2907 
