How to configure Continuity Engine channel port firewall rules to allow only Engine's replication traffic connections

How to configure Continuity Engine channel port firewall rules to allow only Engine's replication traffic connections

Summary

This Knowledgebase article provides information about how to configure Continuity Engine 'Channel port' firewall rule to allow only Engine's replication traffic.

Procedure

By default, Continuity Engine installation process defines the following Windows firewall inbound rules:

  1. Neverfail Continuity Engine - Channel port
  2. Neverfail Continuity Engine - Http port
  3. Neverfail Continuity Engine - Https port
  4. Neverfail Continuity Engine - Management Client port
Neverfail Continuity Engine default rules settings defined in Windows Firewall can be significantly improved to provide even stronger protection by limiting the scope of allowed connections.

The following procedure will limit the scope of the Engine channel connections only to replication traffic.
Follow these steps on each of the Continuity Engine instances (nodes): 
  1. In the Windows Firewall With Advanced Security snap-in, select Inbound Rules.
  2. In the details pane, right-click the Neverfail Continuity Engine - Channel port rule, and then choose Properties.
  3. Click the Scope tab. 

  4. In the Local IP Address group, select These IP Addresses and add all the Neverfail Channel IP addresses defined locally (e.g. if on Primary, add all the channel IP addresses defined on Primary)
  5. In the Remote IP Address group, select These IP Addresses and add all the Neverfail Channel IP addresses defined on the remote peer Engine instances (e.g. if on Primary, add all the channel IP addresses defined on Secondary and Tertiary (if present))

Note: The rest of the Continuity Engine rules may be configured in a similar manner: prior of doing this, it is strongly advised to consult the firewall configuration details presented in Neverfail Continuity Engine installation guide.

Applies to

Neverfail Continuity Engine 8.5 (or newer)


    • Related Articles

    • Neverfail Continuity Engine Firewall Configuration Requirements

      Summary This Knowledgebase article provides firewall configuration requirements for Neverfail Continuity Engine. More Information  When firewalls are used to protect networks, you must configure them to allow traffic to pass through specific ports ...
    • Continuity Engine Troubleshooting - Channel Drops

      This article discusses unexpected channel drops. Under normal operations, Neverfail Continuity Engine maintains continuous communications between servers using the Neverfail Channel. When communications between servers fail, the condition is referred ...
    • Continuity Engine Product Architecture

      Learning objectives At the completion of this session, you should be able to: Identify major components of the Neverfail Continuity Engine product architecture. Describe major component configuration. Identify advantages of the Neverfail Continuity ...
    • Neverfail IT Continuity Engine v8.0 - Release Notes

      Summary This Knowledge base article provides information about this specific release of Neverfail IT Continuity Engine v8.0 More Information Supporting Documentation A listing of technical documents supporting this version of Neverfail IT Continuity ...
    • Reference: Continuity Engine Product Architecture

      Summary This Quick Reference provides an overview of the key concepts and components of Neverfail Continuity Engine product architecture: More Information Key Concepts and Components Component / Concept Description Active-Passive Server Pair ...