Firewall Requirements
Windows Firewall
The Windows Firewall has different default configurations based on the version of Windows Server.
In most cases, the File Reporter installation enables the following firewall settings. In the rare circumstances where it does not, you will have to establish these manually.
Engine
- The Engine must be permitted to make outbound connections.
- The Engine must be able to listen on port 3035. This is the default port choice that is presented during the installation and configuration.
- The default firewall rule for the Engine allows access to the application on any port it listens on.
Web Application
- The Web Application hosted on IIS must be allowed to listen on TCP ports 80 and 443.
AgentFS
- The Agent must be permitted to make outbound connections.
- The Agent must be able to listen on port 3038. This is the default port choice that is presented during the installation and configuration.
- The default firewall rule for the Agent allows access to the application on any port it listens on.
File Content Analysis
If File Content Analysis is enabled:
- ManagerFC, AgentFC, and RabbitMQ must be permitted to make outbound connections.
- RabbitMQ must be able to listen on TCP port 15671 for the management interface (which is the default setting during RabbitMQ configuration with TLS).
- RabbitMQ must be able to listen on TCP port 5671 (which is the default setting during RabbitMQ configuration with TLS).
Admin Client
- The Admin desktop client must be permitted to make outbound connections.
Resource Servers
- On each Windows server hosting user or collaborative storage with managed quota, you must enable the Remote File Server Resource Manager Management - FSRM Service (RPC-In) firewall rule.
Database Server
- The associated SQL Server or PostgreSQL instance hosting the File Reporter database must listen on TCP/IP.
- Currently only IPv4 addresses are supported.
- The listening TCP/IP port (default port 1433 for SQL Server or 5432 for PostgreSQL) must be enabled for access in the firewall where the database server is running.
- The Engine, Web Application, Agent365, ManagerFC, and desktop applications must have access to the address and port of the database server.
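The PowerShell audit below is an added example, not part of the File Reporter product or its documentation. It checks a Windows host against the default ports listed above and separates port-pinned inbound rules from program-scoped rules that admit the listener on any port, which is how the default Engine and Agent rules are described. The $Role variable and the role names in the table are assumptions to edit per host.

```powershell
# Added example (not vendor code). Run elevated on the host being checked.
# Ports are the defaults listed on this page; $Role is an assumption to edit per host.
$Role = 'Engine'
$InboundPorts = @{
    Engine         = @(3035)
    Agent          = @(3038)
    WebApplication = @(80, 443)
    RabbitMQ       = @(5671, 15671)
    SqlServer      = @(1433)
    PostgreSQL     = @(5432)
}

function Test-PortCovered {
    # True when a port-filter entry such as '3035' or '3000-3100' covers $Port.
    param([string[]]$Entries, [int]$Port)
    foreach ($e in $Entries) {
        if ($e -eq "$Port") { return $true }
        if ($e -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# Snapshot enabled inbound allow rules together with their port and program filters.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $pf = $_ | Get-NetFirewallPortFilter
    $af = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Name      = $_.DisplayName
        Protocol  = $pf.Protocol
        LocalPort = @($pf.LocalPort)
        Program   = [Environment]::ExpandEnvironmentVariables([string]$af.Program)
    }
}

foreach ($port in $InboundPorts[$Role]) {
    $conn = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue | Select-Object -First 1
    $exe  = if ($conn) { (Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue).Path }
    [pscustomobject]@{
        Port         = $port
        ListenerPath = $exe   # empty when nothing listens or the port is owned by System (IIS/http.sys)
        # Rules pinned to this TCP port.
        PortRules    = @($rules | Where-Object { $_.Protocol -eq 'TCP' -and (Test-PortCovered $_.LocalPort $port) }).Name -join '; '
        # Program-scoped rules with no port restriction: the listener is reachable on any port it opens.
        AnyPortRules = @($rules | Where-Object { $exe -and $_.Program -eq $exe -and $_.Protocol -in 'TCP', 'Any' -and $_.LocalPort -contains 'Any' }).Name -join '; '
    }
}

# Resource servers only: state of the FSRM rule named in the Resource Servers section.
Get-NetFirewallRule -DisplayName 'Remote File Server Resource Manager Management - FSRM Service (RPC-In)' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled
```

A port with an empty PortRules column and a populated AnyPortRules column is covered only by the program-scoped default rule, so changing the listening port later does not require a firewall change but also is not constrained by one.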
Other Services
The following services may run on Windows or Linux, so firewall rules management may vary depending on the service host.