Administering the Network

2.1. Configuring the Firewall(s)

Typically, the application server and database server are deployed behind a router (NAT/firewall) device. The port-forwarding on the device must be configured as follows:

  • Allow HTTP traffic: forward port 80 to the web server. Note: the web server may be deployed to the same physical server as the application server.
  • Allow Java Naming and Directory Interface (JNDI) traffic: forward to the application server.
  • Allow Java Remote Method Invocation (RMI) traffic: forward to the application server.

Note: modern routers support configuration of port-forwarding using a simple web-interface that can be accessed using an admin account. Consult the router vendor’s documentation for details.

In the <application>.properties files, the following settings can be configured:

  • The FServer.proxy must be configured to reference the hostname (or IP address) of the router/firewall that the server is behind.
  • The FServer.hostname must be configured to reference the hostname (or IP address) of the application server.
  • Optionally, the <JNDI Port> can be configured using the FServer.rmiRegistryPort property. The default is 1099.
  • Optionally, the <RMI Port> can be configured using the FManager.port property. The default is 1098.

Note: it is very common for both servers and client to have software firewalls which are typically integrated into the operating system. These must be treated in a similar way as hardware firewalls; however, the ports must be ‘opened’ instead of being ‘forwarded’.