...
Servers Located Behind a Firewall
In a systemthe system, while mzsh
, Desktops, ECs and web browsers act as clients.
...
For performance reasons, Audit information is logged directly from an EC to the database.
If is is unable to log Audit information directly from the EC, Audit will instead be performed through the Platform. This might happen if an external EC is unable to connect to the database in case of, for example, a network failure or if the EC has problems to connect through a firewall. To avoid this, configure the firewall so that the EC can communicate directly with the Audit database.
For information on how to setup the Audit Profile, refer to 8.4 3 Audit Profile in the Desktop user's guide.
...
Listed below are the actions that should be taken to allow communication between hosts in the systemthe system. It is assumed that the standard installation ports are used. If the default ports have been changed, replace the port numbers with the ones you are using.
- To allow
mzsh
, Desktops and EC/ECSAs to communicate with the Platform, incoming data to, and outgoing data from port6790
in the Platform Container must be allowed. To allow the Platform Web Interface be accessed from outside the firewall and for STR synchronization, incoming data to, and outgoing data from the Platform's port
9000
must be allowed.- To allow other types of synchronization between the Platform and pico instances, incoming data to, and outgoing data from port
6791
in the Platform Container must be allowed. - To allow the EC Web Interface to be accessed from outside the firewall, incoming data to, and outgoing data from the EC's port
9090
must be allowed. To allow services on the Platform and the SC
psc1
to be accessed from outside the firewall, incoming data to, and outgoing data from the following port ranges must be allowed:- 5451-5500
- 5801-5850
- To allow remote access to Execution Containers, outgoing data must be allowed on port 22.
...