This article applies to:
Question:
- What are the different ports that need to be opened when installing the WebMarshal Array Nodes in the DMZ?
- Can WebMarshal be installed in a DMZ?
- What are the different installation scenarios for WebMarshal?
Information:
There are two different installation scenarios for WebMarshal. They are:
- The Array Manager and Array Nodes are installed on the Internal Network (recommended)
- The Array Manager is installed on the Internal Network and the Array Nodes in the DMZ
Note: Trustwave recommends that the WebMarshal Array Manager and Array Nodes are all installed on the Internal Network.
- WebMarshal authentication requires access to user information from AD or Novell.
- As a security best practice, the required ports should not be opened to the DMZ.
Ports Required:
The following ports need to be opened (outbound from the trusted network unless noted otherwise) for the different installation scenarios:

| Protocol and direction | Array Manager and Array Nodes installed on the Internal Network | Array Manager installed on the Internal Network and the Array Nodes in the DMZ |
|---|---|---|
| TCP (HTTP) outbound | 80 | |
| TCP (Alternative HTTP) outbound | 8080 (or other alternate ports - some content delivery sites require this) | 8080 (or other proxy port as configured) |
| TCP (HTTPS) outbound | 443 (occasionally other ports are also used) | |
| TCP/UDP (DNS) inbound (to resolve AD) | | 53 |
| TCP/UDP (NetBIOS) - Windows Authentication inbound | | 137, 138, 139 |
| TCP/UDP (SMB) - Windows Authentication inbound | | 445 |
| TCP (Array Manager-Node communication): Internal Network to DMZ | | 19102 |
| TCP (Array Manager-Node communication): DMZ to Internal Network | | 19101 |
| If Novell authentication in use (User Authentication TCP/NCP) | | 427 |
| If Novell authentication in use (User Authentication SLP TCP/UDP) | | 524 |
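
One way to audit a firewall policy for the DMZ scenario against the table above, as an added example that is not part of the original article or any Trustwave tooling. The rule format, zone names and sample rules are constructed; it assumes "inbound" in the table means DMZ to Internal Network, and it covers Windows authentication only (the Novell ports are left out).

```python
# Ports the table lists for DMZ -> Internal Network traffic (Windows authentication).
# Assumption: "inbound" in the table means from the DMZ into the trusted network.
REQUIRED = {(p, n) for n in (53, 137, 138, 139, 445) for p in ("tcp", "udp")}
REQUIRED |= {("tcp", 19101)}  # Array Node -> Array Manager

def expand(spec):
    """Turn '445', '137-139' or 'any' into an inclusive (low, high) port range."""
    if spec == "any":
        return 1, 65535
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def audit(rules):
    """Return (excess, missing).

    excess:  names of DMZ->internal allow rules that permit more than the table lists.
    missing: table entries that no DMZ->internal allow rule covers.
    Rule order and shadowing by deny rules are not modelled.
    """
    excess, covered = [], set()
    for r in rules:
        if (r["src"], r["dst"], r["action"]) != ("dmz", "internal", "allow"):
            continue
        low, high = expand(r["ports"])
        protos = ("tcp", "udp") if r["proto"] == "any" else (r["proto"],)
        listed = {(p, n) for (p, n) in REQUIRED if p in protos and low <= n <= high}
        if (high - low + 1) * len(protos) > len(listed):
            excess.append(r["name"])  # rule opens at least one unlisted port
        covered |= listed
    return excess, sorted(REQUIRED - covered)

# Constructed sample policy (hypothetical export format).
SAMPLE_RULES = [
    {"name": "dns-to-dc", "src": "dmz", "dst": "internal", "proto": "any", "ports": "53", "action": "allow"},
    {"name": "netbios", "src": "dmz", "dst": "internal", "proto": "any", "ports": "137-139", "action": "allow"},
    {"name": "smb", "src": "dmz", "dst": "internal", "proto": "tcp", "ports": "445", "action": "allow"},
    {"name": "node-to-manager", "src": "dmz", "dst": "internal", "proto": "tcp", "ports": "19101-19102", "action": "allow"},
    {"name": "legacy-rdp", "src": "dmz", "dst": "internal", "proto": "tcp", "ports": "3389", "action": "allow"},
    {"name": "manager-to-node", "src": "internal", "dst": "dmz", "proto": "tcp", "ports": "19102", "action": "allow"},
    {"name": "default-deny", "src": "dmz", "dst": "internal", "proto": "any", "ports": "any", "action": "deny"},
]

if __name__ == "__main__":
    excess, missing = audit(SAMPLE_RULES)
    print("Rules wider than the table:", excess)
    print("Listed ports with no allow rule:", missing)
```

Rules reported as excess are candidates for tightening, since every port opened from the DMZ to the Internal Network beyond the listed ones widens exposure of AD and the Array Manager.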