DPE Firewall Settings
Overview
The firewall settings need to allow the usage of certain ports.
Port | Where to allow |
---|---|
TCP 80 (HTTP) TCP 443 (HTTPS) | Firewall of computer which is hosting DPE Server. |
TCP 1433 (MSSQL) | Firewall of MS SQL Server which is hosting DpeCoreDb. |
TCP 35000, 35001, 35002... | Firewall of computer where SAF servers are running (number depends on the number of SAF servers running on the same computer). Needed for immediate processing of Workflows and Jobs |
TCP 31808, 31807, 31806... | Firewall of computer where SAF servers are running (number depends on the number of SAF servers running on the same computer). |
TCP 31810 | Firewall where SafService is running = DPE/IIS. 31810 and above ports are needed for SAF Monitor web page |
TCP 31811 | Firewall where SAF Admin is running. Needed by SAF Admin to manage SAF Servers from a remote computer |
Web Server (80, 443)
DPE web pages and web services are hosted inside an Microsoft IIS web server.
Therefore port 80 (HTTP) or port 443 (HTTPS) has to be open in the firewall on the computer which is hosting the DPE Server.
If the port is not open DPE web pages and web services cannot be accessed.
Microsoft SQL Server (1433)
DPE Server uses a Microsoft SQL Server database (DpeCoreDb) to store logs, workflow and job state.
To allow DPE Server to access the database server port 1433 has to be open in the firewall on the computer which is hosting the SQL server.
If the port is not open DPE can not access the database and will fail reading or writing logs or workflow system related data.
SAF Server External Request Port (35000, 35001, 35002,...)
A SAF Server is listening for external requests/notifications on these ports. The more SAF Servers are running on a computer the more ports are needed (starting with port 35000).
Ports have to be opened in the firewall of the computer where the SAF servers are running (number depends on the number of SAF servers running).
An usage example is the notification for "WorkflowCreated" from DPE WorkflowService to the WorkflowServer. When the port is not open notifications will be blocked and immediate processing of workflows and jobs will be delayed.
SAF Server Remoting Ports
These ports are needed to display SAF server and module state in SAF Monitor. Technically communication channels between SAF Server and SafService (a DPE web service inside DPE Server) are used.
SAF Server Remoting Port (31808, 31807, 31806,...)
Ports for SAF remoting are needed when using SAF Monitor (= SAF web admin).
Ports have to be open in the firewall of the computer where SAF servers are running (number depends on the number of SAF servers running).
If ports are not open SAF Monitor will not be able to display correct status information.
SafService Remoting Port (31810)
Port for SAF service is needed when using SAF Monitor (= SAF web admin).
Port has to be open in the firewall where SafService is running = computer where DPE/IIS is running.
If port is not open SafService cannot be updated with status information and SAF Monitor will not be able to show correct status information.
SAF Admin Remoting Port (31811)
Port has to be open to allow classical desktop SAF Admin to manage SAF Servers on other computers.
Port has to be open in the firewall of the computer where SAF Admin is running.
If port is not open SAF Admin can only manage local SAF Servers.