FOXMAN-UN in Firewalled Environment - Application Note
Purpose and Scope
General
The FOXMAN-UN system shall be deployed in a firewalled environment.
The FOXMAN-UN core component installs and activates a service file for firewalld (the firewall daemon) on the Linux server; in its default configuration this service definition allows the use of all FOXMAN-UN services.
The firewalls should be configured to allow communications between the FOXMAN-UN components. The security risk can be minimized by opening only restricted port ranges.
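To see what a firewalld service file actually opens before relying on it, the following added example (not FOXMAN-UN code) parses a constructed service definition in the firewalld XML format and flags wide port ranges that a firewall administrator may want to narrow; the service name and port values are placeholders, not the real FOXMAN-UN definition.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the format of the files under
# /etc/firewalld/services and /usr/lib/firewalld/services.
# Service name and ports are placeholders (assumption), not FOXMAN-UN's.
SAMPLE_SERVICE_XML = """<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>example-nms</short>
  <description>Constructed example service definition.</description>
  <port protocol="tcp" port="8443"/>
  <port protocol="tcp" port="30000-39999"/>
  <port protocol="udp" port="161"/>
</service>
"""


def parse_service_ports(xml_text):
    """Return (protocol, first_port, last_port) tuples for every <port>
    element in a firewalld service definition; single ports become a
    range of width one."""
    root = ET.fromstring(xml_text)
    ports = []
    for elem in root.findall("port"):
        proto = elem.get("protocol")
        spec = elem.get("port")
        if "-" in spec:
            lo, hi = (int(p) for p in spec.split("-", 1))
        else:
            lo = hi = int(spec)
        if not 0 < lo <= hi <= 65535:
            raise ValueError("invalid port spec: %s" % spec)
        ports.append((proto, lo, hi))
    return ports


def wide_ranges(ports, max_width=100):
    """Entries opening more than max_width ports: candidates for
    narrowing to the range the deployment actually needs."""
    return [(p, lo, hi) for p, lo, hi in ports if hi - lo + 1 > max_width]


def total_ports(ports):
    """Total number of listening ports the definition exposes."""
    return sum(hi - lo + 1 for _, lo, hi in ports)


if __name__ == "__main__":
    opened = parse_service_ports(SAMPLE_SERVICE_XML)
    print("definition opens %d ports" % total_ports(opened))
    for proto, lo, hi in wide_ranges(opened):
        print("review wide range: %s %d-%d" % (proto, lo, hi))
```

Point the parser at the installed service file to audit the real definition against the port ranges your deployment needs.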
This Application Note provides information for the firewall administrator to configure the firewalls in the following deployments:
• firewall between FOXMAN-UN Core and FOXMAN-UN Client,
• firewall between FOXMAN-UN Core and FOX61x network,
• firewall between DIRAC and SENC1 units in a FOX61x,
• firewall between FOXMAN-UN Core and FOX51x network,
• firewall between FOXMAN-UN Core and northbound OSS.
Deploying the FOXMAN-UN system in a firewalled environment raises the question of which listening TCP/UDP ports are used by the applications on both sides of the firewall.
To provide answers to this question, the following major topics are covered:
• Overview of communications between the FOXMAN-UN components, focusing on the core/client processes and their corresponding port range to be opened in the firewall.
• Factors/considerations to estimate the number of ports to be opened based on your FOXMAN-UN specific implementation.
Please note:
• The actual firewall configuration procedures are beyond the scope of this document. It is up to the firewall administrator to use the FOXMAN-UN specific information provided in this document to configure the network firewalls accordingly.
• The current implementation of FOXMAN-UN restricts destination ports and some of the source ports.