Showing results for tags 'firewall'.
Found 4 results
Because I have only 1 external IP address in the office here, I have set up a reverse proxy on my Sophos UTM 9 firewall; they call it WAF or Web Application Firewall. In this setup, you define a number of "real" web servers with their internal IP addresses, and you also define a number of "virtual" web servers by DNS name, type (http or https) and port (80, 443, or whatever you would like). This works great if you want to host different web servers on different internal machines. BTW they are all VMs.
I also configured this for FileMaker Server, so everything https related is nicely routed to the fms machine. That also works great, apart from 1 small thing. The client complains about the certificate. There is nothing wrong with the certificate, as this works fine when I connect to the server internally (using the same DNS name of course). Everything nicely green. It only goes wrong when contacting it externally. FileMaker shows an error dialog that it cannot verify the identity of the server. See screen 1. When I click on "View Certificate" it shows perfectly fine certificates, as shown in screen 2, 3 and 4.
There must be something wrong with the way the firewall is implementing the reverse proxy. I think I configured it correctly: I am passing the host headers, and the virtual FileMaker site is correctly associated with the wildcard certificate, just like the regular virtual Apache web site that I am running as well and which gives no problems whatsoever. Someone at the Sophos forum indicated that perhaps the firewall is inserting some certificate information that is not making FileMaker itself happy.
It appears to me that FileMaker is using 2 technologies here: one that is a custom FileMaker certificate client, which is detecting something it doesn't like, and the "View Certificate" dialog, which is almost certainly using standard system software (WebKit?) and decides everything is fine. They are not agreeing with each other, that is for sure.
Are there any IT people on this forum who have set up something like this? Any help is very much appreciated.
I'm running FileMaker Server behind a NAT firewall in my data centre, and it mostly works fine. The server is bound to a 192.168.1.xxx IP address, and the firewall which it's behind uses NAT to forward the external public IP address to the internal IP address which the server is on. All this works fine, except that on the Group Start Page, the "WEBD" buttons link to the internal 192.168.1.xxx IP numbers, which obviously don't work. Just wondering if there's any way around this, without reconfiguring the firewall to not use NAT.
I'm just trying out FMS17 on a virgin Windows Server Essentials 2016 install, which I do not plan to use for any other task except hosting FMS17. I'm looking to switch off or block all ports and services which aren't needed for FileMaker Server. The ones I'm planning to open for FMS are 80, 443, 5003, 16000. The other ones which seem to be open separately from FMS are:
PORT      STATE  SERVICE
53/tcp    open   domain
88/tcp    open   kerberos-sec
135/tcp   open   msrpc
389/tcp   open   ldap
445/tcp   open   microsoft-ds
464/tcp   open   kpasswd5
593/tcp   open   http-rpc-epmap
636/tcp   open   ldapssl
3268/tcp  open   globalcatLDAP
3269/tcp  open   globalcatLDAPssl
3389/tcp  open   ms-wbt-server
I'll be placing IP restrictions on 3389 (for my RDP). Regarding switching off the rest, it occurred to me that parts of the OS may need to use some of these services to do what they need to do (e.g. allow administrator to log in to Windows?). Will be using a firewall external to Windows itself, rather than the Microsoft firewall.