Jump to content

FireWall Help!!! Urgent!!!


MeltDown
 Share

This topic is 7254 days old. Please don't post here. Open a new topic instead.

Recommended Posts

TOMORROW (Dec 5) a Firewall will be installed on the network connection between my department's Computer Center and the central computer center used by the rest of the state. Connections to my department from other state Departments and the Internet are routed through this connection. According to the memo I received today, inbound connections will be filtered. Connections initiated from inside my Department's network will not be affected. Some remote connections, i.e., PC Anywhere and RAdmin, may be cut off. It also states there will be some users that will be inadvertently cut off -- those that connect through the Internet and from other departments.

I have several macs operating FMP 5.0 Unlimited and FMP 4.0 databases using webcompanion to serve several different database systems over the internet. These systems allow users to access, view, add and edit FM database over the internet. These databases are accessed and maintained by staff within our department AND by unspecified local and private parties outside of the department who access the internet using a vast variety of service providers. We do not use Filemaker Server. I do have webstar 4.0, but I am not currently using it with our applications. My applications use ports 80 and 591.

The Department does NOT support Macs and they do NOT like or support FileMaker. I looked for Forum discussions regarding Firewalls and am concerned that my systems will not operate correctly after the Firewall is implemented. But I am very ignorant about network connections and routers, and I don't know how to analyze the potential impact.

Will this Firewall impact my systems, and if so how?

Is there something I can do to prevent the Firewall from adversely afecting my systems?

Is there anything special the Firewall implementation team needs to know about FMPro so they can fix the system to operate on both sides of the Firewall?

I would like to be able to provide the information needed to head off potential problems, but I am lost and confused.

Any help would be greatly appreciated.

[ December 04, 2001: Message edited by: MeltDown ]

Link to comment
Share on other sites

The Web Companion uses Port 80 or Port 591 as you noted. This is for FileMaker Pro 4.0, 4.1, 5.0, and 5.5.

If you are using FileMaker Pro 5 and FileMaker Server 5, you should open Port 5003 for TCP, but block Port 5003 for UDP. THis is a change from FileMAker Pro 4 and FIleMAker Pro Server 3 where Port 5003 needed to be opened for both TCP and UDP.

FileMaker Server 5.5 and FileMaker Pro 5.5 can operate with Port 5003 either open or closed for UDP; but Port 5003 must be open for TCP.

FWIW, I will cover this in my class at the Windows Academy-Mac Academy Summit in Orlando, Florida, in late February.

Old Advance Man

Link to comment
Share on other sites

Thank you for the help. Please forgive my ignorance, but I would like to re-state what I think you are telling me so I can communicate this to the Network services people with clarity.

1.) I should ask them to open Firewall ports 5003tcp and 5003udp and 2399tcp and 2399udp open in order to allow FMPro 4.0 and FMPro 5.0/5.5 to operate outside of the Firewall. (2399 is from a search of this forum. Are both 5003 and 2399 needed by FMPro 4.0, but only 5003 for FMpro5.0?)

2.) Even though I specify whether my application will use port 80 or 591, these ports also must be open in the Firewall.

3.) Is there a way to have some of my systems operate in and out of the Firewall, and others only operate behind the Firewall? For example, if I ask them to only open port 80 on the Firewall, could I designate port 591 for systems I would prefer to keep behind the Firewall? If so, would it be reasonable to ask them to open both ports for now, and then ask them to close one of the ports at a later date when we implement a system with more sensitive data?

4.) Is there any reason that they will not want to open these ports for me (other than the fact that they just don't want to support my systems)? For example, are there other applications that use these ports that could be affected? Could I be requesting an unprotected hole that they won't want to allow? If so, what argument can I provide that will calm their nerves??

They did something last night (a day ahead of schedule?) I can't get into any of the 'public access pages' from home, but the pages can be accessed from computers within the Firewall.

Thanks a million! laugh.gif" border="0

Link to comment
Share on other sites

From IANA database:

fmpro-fdal 2399/tcp FileMaker, Inc. - Data Access Layer

fmpro-fdal 2399/udp FileMaker, Inc. - Data Access Layer

It is not necessary open this port if you are not using DAL at all.

Ports 80 and 591 are for web access via browsers.

Port 5003 is only for FM to FM traffic. Workstation to workstation, or workstation to server.

[ December 05, 2001: Message edited by: Anatoli ]

Link to comment
Share on other sites

quote:

Originally posted by Anatoli:

From IANA database:

fmpro-fdal 2399/tcp FileMaker, Inc. - Data Access Layer

fmpro-fdal 2399/udp FileMaker, Inc. - Data Access Layer

It is not necessary open this port if you are not using DAL at all.

Ports 80 and 591 are for web access via browsers.

Port 5003 is only for FM to FM traffic. Workstation to workstation, or workstation to server.

[ December 05, 2001: Message edited by: Anatoli ]

OK, so this is completely different from what I was thinking above. If I understand you correctly:

>>If I have people connecting to shared Filemaker Databases via TCP/IP from outside the firewall, where both computers have Filemaker installed, then I would need to have 5003 open. Otherwise, if people are only accessing the databases over the web port 5003 could remain closed.

>>Ports 80 and 591 must be open to allow web access, and if they aren't open then they will only work in the intranet, and not on the internet.

>>And I looked and looked, but can't find anything explaining what the data access layer is...is this allowing people to add and edit records over the web? If it is, then I need to have port 2399 open, right?

So, now do I have the correct picture?

Sorry in advance for being so dense....I really appreciate the help!

Link to comment
Share on other sites

RE: >>And I looked and looked, but can't find anything explaining what the data access layer is...is this allowing people to add and edit records over the web? If it is, then I need to have port 2399 open, right?

I think the "data access layer" is DAL and that is quite old Apple system for exchanging data between various applications/databases. Something like ODBC now on PC and some Macs. I believe, it is not used for FM to FM or FM to Web.

The rest is OK.

Link to comment
Share on other sites

This topic is 7254 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.