Firewall Ports

Application Center can work through a firewall. When you build an Application Center–managed site, it is important to understand which ports must be open and which must be blocked.

Front-end Firewall

The front-end firewall is the first point of protection for Internet sites. This firewall should block all ports except for Web (80) and Secure Sockets Layer (SSL) (443) traffic.

Deployment

Firewalls play an important role in stage-and-deploy scenarios where Web site content is prepared on a stager, and then deployed to a cluster controller. For security, it is important to isolate the stager by using a firewall. For deployment to succeed, the firewall must have two ports open. These ports must allow communication from the source to the target cluster controller. By default, Application Center uses the following ports, which you can reconfigure as required.

Port    Purpose
4244    Provides access for content deployment that is driven by DCOM/RPC.
4243    Provides access for content deployment that is driven by HTTP.

Remote Control of NLB Clusters

Although it is not recommended, nor is it supported, you can enable remote control of clusters that use NLB.

Caution   If remote control is enabled (it is disabled by default), it is vital, for security reasons, that you use a firewall to shield the NLB User Datagram Protocol (UDP) ports (the ports that receive remote-control commands) from outside intrusion. By default, these are ports 1717 and 2504 at the cluster IP address.

Note   Application Center does not support synchronization of the NLB remote-control password. You must set the NLB remote-control password on each cluster member.

  • For more information about the remote control parameter, see the Windows 2000 Server Help.

  • For more information about using firewalls, see Cluster Topology and Firewalls.
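
The port rules on this page can be checked mechanically. The following is an added example, not Microsoft or Application Center code: a Python audit of a first-match firewall rule list against the front-end, deployment, and NLB remote-control ports. The rule format, the IP addresses, the default-deny fallback, and the use of TCP for ports 4243 and 4244 are assumptions.

```python
# Added example, not Application Center code. Rules and addresses are constructed.
import ipaddress

FRONT_END = {("tcp", 80), ("tcp", 443)}        # Web and SSL only
DEPLOYMENT = {("tcp", 4244), ("tcp", 4243)}    # DCOM/RPC and HTTP deployment (TCP assumed)
NLB_REMOTE = {("udp", 1717), ("udp", 2504)}    # NLB remote-control defaults

def rule(action, proto, src, dst, ports):
    """Build a rule; ports is a set of port numbers, or None for every port."""
    return (action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), ports)

def decide(rules, proto, src, dst, port):
    """First matching rule wins; unmatched traffic is denied (assumed default)."""
    for action, r_proto, r_src, r_dst, r_ports in rules:
        if (r_proto in (proto, "any") and src in r_src and dst in r_dst
                and (r_ports is None or port in r_ports)):
            return action
    return "deny"

def audit(rules, src, dst, expected_open):
    """List every proto/port from src to dst whose state differs from the policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    findings = []
    for proto in ("tcp", "udp"):
        for port in range(1, 65536):
            key = (proto, port)
            is_open = decide(rules, proto, src, dst, port) == "allow"
            if is_open and key not in expected_open:
                tag = " (NLB remote control)" if key in NLB_REMOTE else ""
                findings.append(f"{proto}/{port} open but should be blocked{tag}")
            elif not is_open and key in expected_open:
                findings.append(f"{proto}/{port} blocked but required")
    return findings

# Constructed sample data using documentation address ranges.
OUTSIDE, CLUSTER_IP = "203.0.113.7", "192.0.2.10"
STAGER, CONTROLLER = "198.51.100.5", "192.0.2.20"
weak_front_end = [rule("allow", "tcp", "0.0.0.0/0", CLUSTER_IP, {80, 443, 3389}),
                  rule("allow", "udp", "0.0.0.0/0", CLUSTER_IP, {1717, 2504})]
good_front_end = [rule("allow", "tcp", "0.0.0.0/0", CLUSTER_IP, {80, 443})]
stager_fw = [rule("allow", "tcp", STAGER, CONTROLLER, {4243})]  # 4244 left out

if __name__ == "__main__":
    print(audit(weak_front_end, OUTSIDE, CLUSTER_IP, FRONT_END))
    print(audit(good_front_end, OUTSIDE, CLUSTER_IP, FRONT_END))
    print(audit(stager_fw, STAGER, CONTROLLER, DEPLOYMENT))
```

An empty list means the rule set matches the policy for that path. If you have reconfigured the deployment ports, change the DEPLOYMENT set to match.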
