3 Replies Latest reply: Nov 1, 2012 5:52 AM by Udo RSS


      Hello friends,
      I work on apex 4.2 ... Listener 2.0 on Glassfish 3.1.2 on Win 2012 machine, and Oracle 11g SOE...

      I can connect to apex apps through local network .. but in public network , I mean internet, I cannot connect to APEX Apps unless I disable Windows firewall.

      I already added Glassfish Service to the exception list of the Firewall, but to not avail.. Any idea about how can I make Apex app available publicly without disabling Win firewall ??

      Best Regards,
        • 1. Re: Firewall
          Hello Fateh,

          I'm not sure about Win 2012, as I didn't have any hands on that release yet. Certainly it's not certified (yet) for any of the components you've listed... ;)
          Though this is probably not relevant for that specific issue, I'd recommend to consider using supported environments for (public) production systems only.
          But as you've found out, this seems to be a purely network related issue. How is your 2012 machine connected to these two networks, especially, does it have two network interfaces or is the external connection going through your local LAN interface?
          If you have two interfaces, you probably have two different network zones with individual firewall settings and probably different network zones (including certain trust levels). Instead of disabling the firewall completely, it should be possible to configure firewall/trust/other security policies accordingly. I don't think this is an APEX Listener related issue...

          • 2. Re: Firewall
            Hi Udo,

            I hope that you are doing well these days...
            Actually, I had the same problem previously with Win 7 and Win 2008, and I thought that some of you experienced the same thing...
            I have only one Network card .. The server is connected to a small business Netgear router... I am planning to move to the cloud, but they did not give access yet...

            • 3. Re: Firewall
              Hi Fateh,

              I hope you are doing well, too.
              I have only one Network card .. The server is connected to a small business Netgear router...
              So I assume you've configured your router to use your Server as DMZ Host, right? This would ususally be a scenario for dedicated LAN interfaces to separate DMZ traffic from local traffic. Though it might be possible to configure your firewall to get this separated somehow, I'd recommend to change your router configuration from using a DMZ-host to a NAT-Mapping. Your server will treat these requests like other internal requests and your router will do the mapping. Another positive side effect would be that your server isn't facing the internet directly and your "poor" windows firewall isn't supposed to handle all kinds of attacks including resource consuming port scans, etc.. That's what NAT routers are designed for.