Firewall and Router Configuration

Typical configurations that allow Agents to connect to the Vault over the Internet involve placing the Vault inside a firewall and connecting to the Internet using a router.

Routers typically provide DHCP services. This means that computers inside the firewall ask the router to assign them a unique IP address in a given range, and that IP address changes from time to time. Routers also typically support static IP addresses for computers inside the firewall. (Static IP addresses do not change and are assigned permanently to the computers.)

For example, a router could be configured as follows:

In this example, IP addresses 192.168.1.2 through 192.168.1.49 would be available as static IP addresses for computers inside the firewall. So you could, for example, set the TCP/IP protocol of the computer running the Vault as follows:

IP address 192.168.1.20

subnet mask 255.255.255.0

default gateway 192.168.1.1

After setting up the computer in this way, make sure you can browse the Internet from the computer. If not, double-check that the IP address is within the correct range, and that the gateway's address is that of the router.

Thus far, you are allowing outbound Internet traffic from the computer using a static IP address. However, the firewall still does not allow any inbound traffic; that is, it does not route requests coming from outside the firewall to the Vault. To achieve that, you would need to set up port forwarding on the router.

Port forwarding is a mechanism that routes requests coming from the Internet (into the router) on a given port to a specific computer inside the firewall. For example, suppose the Vault is listening on port 80 (which is the default port). You would configure the router to direct any incoming traffic on port 80 to IP address 192.168.1.20 (the Vault computer) port 80. Note that it is not necessary to use the same port number in the mapping. For example, you could configure the router so that requests on port 711 are directed to the Vault computer's port 80.
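
The following Python script is an added example, not part of the original documentation or of the Vault product. It checks the static TCP/IP settings and a list of port forwarding rules against the values used above. The function names and the sample rule list are assumptions constructed for illustration.

```python
import ipaddress

# Router address and static range come from the example above;
# the forwarding rules used further down are constructed sample data.
ROUTER = ipaddress.ip_address("192.168.1.1")
STATIC_FIRST = ipaddress.ip_address("192.168.1.2")
STATIC_LAST = ipaddress.ip_address("192.168.1.49")


def check_host(ip, mask, gateway):
    """Return a list of problems with a host's static TCP/IP settings."""
    problems = []
    addr = ipaddress.ip_address(ip)
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    gw = ipaddress.ip_address(gateway)
    if not STATIC_FIRST <= addr <= STATIC_LAST:
        problems.append(f"{ip} is outside the static range")
    if gw != ROUTER:
        problems.append(f"gateway {gateway} is not the router")
    if gw not in net:
        problems.append(f"gateway {gateway} is not on subnet {net}")
    return problems


def check_forwards(rules, vault_ip, vault_port):
    """Audit (external_port, internal_ip, internal_port) forwarding rules."""
    problems = []
    for ext, ip, port in rules:
        addr = ipaddress.ip_address(ip)
        if not STATIC_FIRST <= addr <= STATIC_LAST:
            # A DHCP-assigned target can change, leaving the rule pointing
            # at whichever computer receives that address next.
            problems.append(f"port {ext} forwards to {ip}, which is not static")
        elif (ip, port) != (vault_ip, vault_port):
            problems.append(f"port {ext} exposes {ip}:{port}, not the Vault")
    if not any((ip, port) == (vault_ip, vault_port) for _, ip, port in rules):
        problems.append("no rule reaches the Vault")
    return problems


if __name__ == "__main__":
    print(check_host("192.168.1.20", "255.255.255.0", "192.168.1.1"))
    # Constructed rules: the 711 -> 80 mapping from the text plus two mistakes.
    rules = [(711, "192.168.1.20", 80), (8080, "192.168.1.120", 80),
             (3389, "192.168.1.30", 3389)]
    for problem in check_forwards(rules, "192.168.1.20", 80):
        print(problem)
```

Any rule the script reports either points at an address that DHCP may reassign or opens an inbound path to something other than the Vault, so review it before saving the router configuration.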