3 Replies. Latest reply: Nov 1, 2012 3:52 AM by Udo

Firewall

Mindmap Pro
Hello friends,
I work on APEX 4.2 ... Listener 2.0 on Glassfish 3.1.2 on a Win 2012 machine, and Oracle 11g SOE...

I can connect to APEX apps through the local network, but from the public network, I mean the internet, I cannot connect to APEX apps unless I disable the Windows firewall.

I already added the Glassfish service to the exception list of the firewall, but to no avail. Any idea how I can make the APEX app available publicly without disabling the Windows firewall?

Best Regards,
Fateh
  • 1. Re: Firewall
    Udo Guru
    Hello Fateh,

    I'm not sure about Win 2012, as I didn't have any hands on that release yet. Certainly it's not certified (yet) for any of the components you've listed... ;)
    Though this is probably not relevant for that specific issue, I'd recommend to consider using supported environments for (public) production systems only.
    But as you've found out, this seems to be a purely network related issue. How is your 2012 machine connected to these two networks, especially, does it have two network interfaces or is the external connection going through your local LAN interface?
    If you have two interfaces, you probably have two different network zones with individual firewall settings and probably different network zones (including certain trust levels). Instead of disabling the firewall completely, it should be possible to configure firewall/trust/other security policies accordingly. I don't think this is an APEX Listener related issue...

    -Udo
  • 2. Re: Firewall
    Mindmap Pro
    Hi Udo,

    I hope that you are doing well these days...
    Actually, I had the same problem previously with Win 7 and Win 2008, and I thought that some of you experienced the same thing...
    I have only one network card. The server is connected to a small business Netgear router... I am planning to move to the cloud, but they did not give access yet...

    Regards,
    Fateh
  • 3. Re: Firewall
    Udo Guru
    Hi Fateh,

    I hope you are doing well, too.
    > I have only one Network card .. The server is connected to a small business Netgear router...
    So I assume you've configured your router to use your server as DMZ host, right? This would usually be a scenario for dedicated LAN interfaces to separate DMZ traffic from local traffic. Though it might be possible to configure your firewall to get this separated somehow, I'd recommend changing your router configuration from using a DMZ host to a NAT mapping. Your server will treat these requests like other internal requests and your router will do the mapping. Another positive side effect would be that your server isn't facing the internet directly and your "poor" Windows firewall isn't supposed to handle all kinds of attacks including resource-consuming port scans, etc. That's what NAT routers are designed for.

    -Udo
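
An added example, not part of the thread and not the posters' or Oracle's code: one way to inspect the Windows firewall state on Server 2012 and open a single port on the active profile instead of disabling the firewall. The port (8080, GlassFish's default HTTP listener) and the rule name are assumptions; substitute the port your listener actually uses.

```powershell
# Assumptions (not from the thread): GlassFish listens for HTTP on TCP 8080
# and the rule name below is made up for this example.
$Port     = 8080
$RuleName = 'GlassFish HTTP (example)'

# 1. Which network category (and therefore firewall profile) is the NIC in?
$conn = Get-NetConnectionProfile | Select-Object -First 1
$conn | Select-Object InterfaceAlias, Name, NetworkCategory

# 2. Which profiles are enabled and what do they do with unmatched inbound traffic?
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 3. Enabled inbound allow rules that name this exact TCP port, and the
#    profiles they apply to. A rule limited to another profile than the one
#    from step 1 does not help. (Rules using 'Any' or a port range are not
#    matched by this simple check.)
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains "$Port") {
            [pscustomobject]@{ Rule = $_.DisplayName; Profile = $_.Profile }
        }
    }

# 4. Map the network category to the matching firewall profile name.
$fwProfile = if ($conn.NetworkCategory -eq 'DomainAuthenticated') { 'Domain' }
             else { "$($conn.NetworkCategory)" }

# 5. Add a rule scoped to one protocol, one port and the active profile only,
#    unless a rule with this name already exists.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort $Port `
        -Action Allow -Profile $fwProfile
}
```

Run it from an elevated PowerShell session; on the router side, the NAT mapping should forward only this one port to the server.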
