How to configure Continuity Engine channel port firewall rules to allow only Engine's replication traffic connections
Summary
This Knowledgebase article provides information about how to configure Continuity Engine 'Channel port' firewall rule to allow only Engine's replication traffic.
Procedure
By default, Continuity Engine installation process defines the following Windows firewall inbound rules:
- Neverfail Continuity Engine - Channel port
- Neverfail Continuity Engine - Http port
- Neverfail Continuity Engine - Https port
- Neverfail Continuity Engine - Management Client port
Neverfail Continuity Engine default rules settings defined in Windows Firewall can be significantly improved to provide even stronger protection by limiting the scope of allowed connections.
The following procedure will limit the scope of the Engine channel connections only to replication traffic.
Follow these steps on each of the Continuity Engine instances (nodes):
- In the Windows Firewall With Advanced Security snap-in, select Inbound Rules.
- In the details pane, right-click the Neverfail Continuity Engine - Channel port rule, and then choose Properties.
- Click the Scope tab.
- In the Local IP Address group, select These IP Addresses and add all the Neverfail Channel IP addresses defined locally (e.g. if on Primary, add all the channel IP addresses defined on Primary)
- In the Remote IP Address group, select These IP Addresses and add all the Neverfail Channel IP addresses defined on the remote peer Engine instances (e.g. if on Primary, add all the channel IP addresses defined on Secondary and Tertiary (if present))
Note: The rest of the Continuity Engine rules may be configured in a similar manner: prior of doing this, it is strongly advised to consult the firewall configuration details presented in Neverfail Continuity Engine installation guide.
Applies to
Neverfail Continuity Engine 8.5 (or newer)
Related Articles
Neverfail Continuity Engine Firewall Configuration Requirements
Summary This Knowledgebase article provides firewall configuration requirements for Neverfail Continuity Engine. More Information When firewalls are used to protect networks, you must configure them to allow traffic to pass through specific ports ...Continuity Engine Troubleshooting - Channel Drops
This article discusses unexpected channel drops. Under normal operations, Neverfail Continuity Engine maintains continuous communications between servers using the Neverfail Channel. When communications between servers fail, the condition is referred ...Continuity Engine Product Architecture
Learning objectives At the completion of this session, you should be able to: Identify major components of the Neverfail Continuity Engine product architecture. Describe major component configuration. Identify advantages of the Neverfail Continuity ...Neverfail IT Continuity Engine v8.0 - Release Notes
Summary This Knowledge base article provides information about this specific release of Neverfail IT Continuity Engine v8.0 More Information Supporting Documentation A listing of technical documents supporting this version of Neverfail IT Continuity ...How to change the Neverfail Advanced Management Client Connection Port
Summary This Knowledgebase article provides information about how to change the Neverfail Engine Management Client Connection Port. Procedure Neverfail Continuity Engine uses port 52267 as the default Advanced Management Client connection port. The ...