We have an appserver ("WebAPI_AS") pointing to a database ("OurLittleGoldMine") and making use of the name server ("NS1"). We have tested access to the appserver when the firewall is off. Then we turned the firewall on, and added exceptions for incoming connections on port 5162 (NS1) and 3092 (WebAPI_AS). We can no longer connect to the appserver. So I left the firewall on, but instead of allowing UDP/5162, I said 'any' for my rule. And then we can connect again.
Here is some relevant documentation I can find from PSDN:
ID: P58464
For the StateReset and StateAware AppServer the ports that need to be open are:
AIA or WSA -------- 5162 / UDP --------> NameServer
AIA or WSA <-------- (minNSClientPort <> maxNSClientPort) / UDP -------- NameServer
AIA or WSA <-------- broker_Port / TCP --------> AppServer broker
AIA or WSA <-------- (srvrMinPort <> srvrMaxPort) / TCP --------> AppServer servers
I cannot find on the Name Server configuration where minNSClientPort/maxNSClientPort are set. Additionally, I can't find where Windows firewall lets me enter a range of ports - it seems to want a comma-delimited string. If I have more than a handful of ports, that seems like trouble.
When I look in the firewall log, I see this message:
2011-08-04 00:01:58 DROP UDP 10.195.205.107 10.96.195.58 61174 5162 84 - - - - - - - RECEIVE
Solved:
For the appserver agents (ports 2002 - 2202), I needed to enter a comma-delimited list of those ports (I only entered the first 5, because it can't be possible that I really have to comma-delimit a list of 200 ports) under my inbound rules exception, but only on the 'Local Port' field. For 'Remote Ports', I needed to leave it open to All Ports, because we don't know what port someone else is using to come in. Once I made that change, I could access the appserver remotely.
Cathi
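The following is an added example, not part of the original post: it parses the DROP record quoted above and checks it against a simplified model of inbound rules to show why the Remote Ports setting decides the outcome. The rule dictionaries, their names, the `lo-hi` range form and the matching logic are assumptions of this sketch, not Windows Firewall's own implementation.

```python
# Added example: simplified model of inbound rule matching, not Windows Firewall's own logic.
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# The DROP record quoted in the post.
PAGE_LINE = ("2011-08-04 00:01:58 DROP UDP 10.195.205.107 10.96.195.58 "
             "61174 5162 84 - - - - - - - RECEIVE")

# Constructed rules (names and layout are assumptions of this sketch).
RULES = [
    {"name": "NS1, remote port pinned", "protocol": "UDP",
     "local_ports": "5162", "remote_ports": "5162"},
    {"name": "NS1, remote port any", "protocol": "UDP",
     "local_ports": "5162", "remote_ports": "Any"},
    {"name": "AppServer agents", "protocol": "TCP",
     "local_ports": "2002-2202", "remote_ports": "Any"},
]

def parse_log_line(line):
    """Split one firewall log record into a dict keyed by field name."""
    values = line.split()
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    rec = dict(zip(FIELDS, values))
    for key in ("src_port", "dst_port"):
        rec[key] = int(rec[key]) if rec[key].isdigit() else None  # '-' when no port
    return rec

def port_matches(spec, port):
    """spec is 'Any' or a comma-delimited list of ports and lo-hi ranges."""
    if spec.strip().lower() == "any":
        return True
    if port is None:
        return False
    for item in spec.split(","):
        lo, _, hi = item.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def matching_rules(rules, line):
    """On a RECEIVE record the local port is dst_port and the remote port is src_port."""
    rec = parse_log_line(line)
    return [r["name"] for r in rules
            if rec["path"] == "RECEIVE" and r["protocol"] == rec["protocol"]
            and port_matches(r["local_ports"], rec["dst_port"])
            and port_matches(r["remote_ports"], rec["src_port"])]

if __name__ == "__main__":
    print(matching_rules(RULES, PAGE_LINE))
```

The client's source port in the record (61174) is an ephemeral port, so only the rule that leaves the remote port open matches the packet sent to 5162.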