Knowledgebase:
Configuring Firewall rules for FileCatalyst Server on Microsoft Azure
Posted by , Last modified by Aly Essa on 04 August 2016 12:09 PM

Overview

Azure is Microsoft’s Cloud Platform that enables applications to be deployed across a high availability Internet-hosted environment. To deploy a FileCatalyst application, the proper ports must be opened and accessible to your Azure environment. This article will discuss the ports that need to be opened and how to open these ports using a scripted method.

As of the writing of this article, Azure only allows a total of 150 ports to be opened for any deployment. This is extremely important to note.

The default ports for FileCatalyst Direct are:

  • Port 21 for TCP.
    This is used as the communication channel. Port 21 is the default specified in FileCatalyst Server and is not secure. You can change it as long as FileCatalyst Server and the client applications use the same port.

  • Port 22 for TCP.
    This port is used for SSH connections.

  • Port 990 for TCP.
    This port is secured over SSL and is also used as the communication channel. The default value of 990 can also be changed in the FileCatalyst Server Remote Admin Application.

  • Port range 8000-8999 for TCP and UDP.
    Some firewalls and NAT devices require two separate rules, while others let you specify TCP and UDP in one rule. These ports carry the data to and from the FileCatalyst Server and are commonly referred to as the Data Channel.

  • Port 12400 for TCP.
    This is the Remote Admin Port. This port is exclusive to the FileCatalyst Server Remote Admin Application.

The default ports for FileCatalyst Workflow/Webmail are:

  • Port 80 for TCP.
    HTTP inbound connections are accepted by the Tomcat Web Server on this port.

  • Port 443 for TCP.
    HTTPS connections and secured communication to the Tomcat Web Server use this port. 

 

Environment

Microsoft Azure Cloud Computing

FileCatalyst Direct Suite v3.5 and later.

FileCatalyst Workflow v4.9.4 and later.

FileCatalyst Webmail v4.9.4 and later.

Windows and Linux Environments.

 

Resolution

  1. Plan the ports to open.
    Your local Windows system will need to allow the data connection ports. Windows Firewall is accessible from Control Panel. Microsoft Azure has a limit of 150 open ports. For FileCatalyst, we will configure 70 ports for file transfers. Data ports need to be opened for both TCP and UDP.

  2. Create a folder on your local computer called c:\AzureScripts.

  3. PowerShell Prerequisites:
    1. Change your working directory to the AzureScripts location.
    2. Download and install the Windows PowerShell and Azure command-line interface tools from Azure PowerShell Web Installer. (http://go.microsoft.com/fwlink/p/?linkid=320376&clcid=0x409)
    3. Open the Windows Azure PowerShell application. You may already have Windows PowerShell installed. Do not use the PowerShell that ships with Windows, as it does not have the Azure libraries. Run the following commands:

      Add-AzureAccount

      This will open a dialog for you to sign in to the Azure Portal.

      Get-AzurePublishSettingsFile

      When your browser opens, a credentials.publishsettings file will download to your default download directory.

  4. Opening ports on Microsoft Azure using PowerShell with Azure Libraries.
    On first setup, you will not be able to execute scripts in PowerShell. To allow PowerShell scripts to run, run the following command:

    Set-ExecutionPolicy RemoteSigned

  5. Open the ports using PowerShell:
    1. Create a folder on your local computer called C:\AzureScripts or change your working directory to it if the folder exists.
    2. Copy the publish settings file that you downloaded with Get-AzurePublishSettingsFile in step 3 into this folder.
    3. Download and copy the AddFCPortsToAzureFirewall.ps1 and FCPorts.csv files from the supporting assets archive included in this document to the AzureScripts folder.
    4. Edit the AddFCPortsToAzureFirewall.ps1 using a text editor and enter the appropriate information under Get-AzureVM -ServiceName [YOUR_INSTANCE_NAME].
    5. Save the file once you have made your changes.
    6. Open Windows Azure PowerShell application. 
    7. Change the working directory to the AzureScripts folder.
    8. Run the AddFCPortsToAzureFirewall.ps1 file.
    9. This should add all the ports needed by FileCatalyst to your virtual instance.
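
The steps above rely on AddFCPortsToAzureFirewall.ps1, which is not reproduced on this page. As an added example (not FileCatalyst's script), the following script for the signed-in Azure PowerShell session from step 3 plans the FileCatalyst Direct endpoints, checks the result against the 150-port limit before changing anything, and then opens only the endpoints that are missing. The 8000-8069 data range, the FC- endpoint names and YOUR_VM_NAME are assumptions.

```powershell
# Added example; not FileCatalyst's AddFCPortsToAzureFirewall.ps1.
# Assumptions: data ports 8000-8069, FC-* endpoint names, VM name placeholder.
$EndpointLimit = 150                     # limit stated in the article
$ServiceName   = 'YOUR_INSTANCE_NAME'    # placeholder used by the article
$VmName        = 'YOUR_VM_NAME'          # hypothetical placeholder

function New-FcEndpointPlan {
    param([int[]]$TcpPorts = @(21, 22, 990, 12400),
          [int]$DataStart = 8000, [int]$DataCount = 70)
    # Control and admin ports are TCP only (21 is the port the article calls not secure).
    $plan = @(foreach ($p in $TcpPorts) {
        [pscustomobject]@{ Name = "FC-tcp-$p"; Protocol = 'tcp'; Port = $p }
    })
    # Each data-channel port needs one TCP and one UDP endpoint.
    foreach ($p in $DataStart..($DataStart + $DataCount - 1)) {
        foreach ($proto in 'tcp', 'udp') {
            $plan += [pscustomobject]@{ Name = "FC-$proto-$p"; Protocol = $proto; Port = $p }
        }
    }
    $plan
}

function Select-MissingEndpoint {
    # Keep only planned endpoints whose public port/protocol is not open yet.
    param([object[]]$Plan, [object[]]$Existing)
    $Plan | Where-Object {
        $want = $_
        -not ($Existing | Where-Object {
            $_.Port -eq $want.Port -and $_.Protocol -eq $want.Protocol })
    }
}

$vm       = Get-AzureVM -ServiceName $ServiceName -Name $VmName
$existing = @($vm | Get-AzureEndpoint)
$missing  = @(Select-MissingEndpoint -Plan (New-FcEndpointPlan) -Existing $existing)

# Check the limit before changing anything on the VM.
$total = $existing.Count + $missing.Count
if ($total -gt $EndpointLimit) {
    throw "Would need $total endpoints; the limit is $EndpointLimit."
}

foreach ($e in $missing) {
    $ep = @{ Name = $e.Name; Protocol = $e.Protocol; LocalPort = $e.Port; PublicPort = $e.Port }
    $vm = $vm | Add-AzureEndpoint @ep    # queues the endpoint on the VM object
}
$vm | Update-AzureVM                     # applies all queued endpoints at once
"Added $($missing.Count) endpoints; $total now open."
```

With the defaults the plan holds 144 endpoints (4 TCP ports plus 70 data ports for both TCP and UDP); pass `-TcpPorts 21, 22, 990, 12400, 80, 443` to New-FcEndpointPlan to include the Workflow/Webmail ports.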

 



Attachments 
 
 fcports.csv (4.46 KB)
 addfcportstoazurefirewall.ps1 (1.36 KB)