https://communities.sas.com/t5/Administration-and-Deployment/Multi-tier-Environemnt-Firewall-Port-Exceptions/m-p/535395#M15636 <P>I have searched and had various helpful posts and instruction manuals, but nothing concrete, so I just thought I would ask the community.</P><P>&nbsp;</P><P>We have been running our multi-tier environment for a few years now, wide open (no firewall). We now must implement a firewall, per company security. Our sas installer has been hesitant to assist in this endeavor. We are running Oracle 6.8, if that helps or matters. Our environment structure will be listed below in the outline and our proposed method.</P><P>&nbsp;</P><P>Tools that people are using: VA, SMC, EG, Text Miner, SAS DI Studio, SAS Studio, Environment Manager, Document Conversion Server.</P><P>&nbsp;</P><P><STRONG>Global rules:</STRONG></P><UL><LI>All outbound will be open.</LI><LI>Between the 7 sas servers, all ports and protocols will be open.</LI><LI>Ping is open to a specific server (network monitoring server)</LI><LI>Loopback is enabled</LI><LI>Port 22 is open for SSH</LI></UL><P><U><STRONG>SAS client tools port rules:</STRONG></U></P><P>&nbsp;</P><P><STRONG>Web:</STRONG><BR />7980 # SAS Web Server HTTP Port<BR />8343 # SAS Web Server HTTPS Port<BR />7080 # Environment Manager HTTP<BR />7443 # Environment Manager HTTPS</P><P>&nbsp;</P><P><STRONG>Meta:</STRONG><BR />8561 # Management Console<BR />8591 # Enterprise Guide</P><P>&nbsp;</P><P><STRONG>Compute:</STRONG><BR />8701 # pooled workspace server port<BR />8591 # Enterprise Guide<BR />8601, 8611, 8621, 8631 # stored process server port<BR />5308 # idk what this one is used for, but installer did mention it</P><P>&nbsp;</P><P><STRONG>VA:</STRONG><BR />8701 # pooled workspace server port</P><P>&nbsp;</P><P><STRONG>VA worker 1-3:</STRONG><BR />Nothing SAS specific has been opened</P><P>At first I was concerned about ldap and odbc database connections, but then realized they would be covered under outgoing. So is there anything else that I may have missed or need to open. Or does this path forward appear to be good?</P> Wed, 13 Feb 2019 20:27:10 GMT five 2019-02-13T20:27:10Z https://communities.sas.com/t5/Administration-and-Deployment/Multi-tier-Environemnt-Firewall-Port-Exceptions/m-p/535395#M15636 <P>I have searched and had various helpful posts and instruction manuals, but nothing concrete, so I just thought I would ask the community.</P><P>&nbsp;</P><P>We have been running our multi-tier environment for a few years now, wide open (no firewall). We now must implement a firewall, per company security. Our sas installer has been hesitant to assist in this endeavor. We are running Oracle 6.8, if that helps or matters. Our environment structure will be listed below in the outline and our proposed method.</P><P>&nbsp;</P><P>Tools that people are using: VA, SMC, EG, Text Miner, SAS DI Studio, SAS Studio, Environment Manager, Document Conversion Server.</P><P>&nbsp;</P><P><STRONG>Global rules:</STRONG></P><UL><LI>All outbound will be open.</LI><LI>Between the 7 sas servers, all ports and protocols will be open.</LI><LI>Ping is open to a specific server (network monitoring server)</LI><LI>Loopback is enabled</LI><LI>Port 22 is open for SSH</LI></UL><P><U><STRONG>SAS client tools port rules:</STRONG></U></P><P>&nbsp;</P><P><STRONG>Web:</STRONG><BR />7980 # SAS Web Server HTTP Port<BR />8343 # SAS Web Server HTTPS Port<BR />7080 # Environment Manager HTTP<BR />7443 # Environment Manager HTTPS</P><P>&nbsp;</P><P><STRONG>Meta:</STRONG><BR />8561 # Management Console<BR />8591 # Enterprise Guide</P><P>&nbsp;</P><P><STRONG>Compute:</STRONG><BR />8701 # pooled workspace server port<BR />8591 # Enterprise Guide<BR />8601, 8611, 8621, 8631 # stored process server port<BR />5308 # idk what this one is used for, but installer did mention it</P><P>&nbsp;</P><P><STRONG>VA:</STRONG><BR />8701 # pooled workspace server port</P><P>&nbsp;</P><P><STRONG>VA worker 1-3:</STRONG><BR />Nothing SAS specific has been opened</P><P>At first I was concerned about ldap and odbc database connections, but then realized they would be covered under outgoing. So is there anything else that I may have missed or need to open. Or does this path forward appear to be good?</P> Wed, 13 Feb 2019 20:27:10 GMT https://communities.sas.com/t5/Administration-and-Deployment/Multi-tier-Environemnt-Firewall-Port-Exceptions/m-p/535395#M15636 five 2019-02-13T20:27:10Z https://communities.sas.com/t5/Administration-and-Deployment/Multi-tier-Environemnt-Firewall-Port-Exceptions/m-p/535436#M15638 <P>ODBC connections are two-way. If by outbound you mean the server which initiates the connection then you should be OK. Where I work all ports need an explicit exception, both inbound and outbound, and in-flight traffic needs to be encrypted as well.</P> <P>&nbsp;</P> <P>Enterprise Guide requires an 8561 metadata connection just like Management Console.</P> Wed, 13 Feb 2019 22:11:53 GMT https://communities.sas.com/t5/Administration-and-Deployment/Multi-tier-Environemnt-Firewall-Port-Exceptions/m-p/535436#M15638 SASKiwi 2019-02-13T22:11:53Z