Ports and encryption

Owned by Former user (Deleted)
Sept 10, 2020
2 min read

Ports

The Front-end server is accessed by a variety of clients and from multiple locations. For performance and security reasons, they are divided into two groups;

  • Clients from the inside of the firewall (LAN)
  • Clients from the outside  of the firewall (WAN)

To support these groups, the Front-end server has two ports available; An Internal port and a Public port, shown below as I and P1. Basically, the two ports deliver the same functionality to all clients, but the Public port does not allow access to statistics (/statistics), the log file (/log), and the info page (/Info/all). The Internal port is the main port of the Front-end server and is used to access the server from within the organization. 

The base agents are given one or two addresses for communication with the Front-end server. 

  • An address to the Internal port I (FrontendServiceInternalUrl). This is the main and preferred port. 
  • An address to the Public port P2 (FrontendServicePublicUrl). This is the port that the base agent will fail-over to if the Internal port is unavailable (When the computer is away / the employee works from home / the computer is located at a remote location without a VPN connection)

The Firewall must then redirect incoming calls on P2 to the Front-end P1.

The internal port can be altered in the System Administration plugin or by command line argument /internalport=<port>. The default port is 80.

The public port can be altered by command line argument /publicport=<port>. The default port is 7777.


Encryption

One of the biggest advantages of splitting the traffic between the internal and public port is that demand for encryption of transferred data can be adjusted individually. By removing the demand for encryption on the internal port, the Front-end server will have improved performance. Please note that this encryption setting has nothing to do with the authentication of clients. The authentication process is always encrypted. This can not be changed.
By default, encryption is enabled on both ports.
  • To disable encryption on the internal port use the command line argument; /internalencryption=false. 
  • To disable encryption on the public port uses the command line argument; /publicencryption=false. (not advised)