Opening Firewall Ports
If you are using Windows Integrated authentication and traffic is going from a Business Desk client to a server, open port 80 or 443 in your firewall.
- The client computer must be in the same domain as, or in a trusted domain of, the Business Desk server that is contacted for authentication.
If you use Basic Authentication on Business Desk, you do not need to open these ports. It is recommended that you use Basic Authentication and SSL.
Server to a Data Source
If traffic is going from a server (Commerce Server) to a data source, open the following ports in your firewall:
| Port | Use |
|---|---|
| 1433 | The default for SQL Server |
| 2393, 2394 and 2725 | Analysis Server (OLAP) |
For additional information, see Knowledge Base article 301901: “INF: TCP Ports Used by OLAP Services when Connecting Through a Firewall,” available at http://go.microsoft.com/fwlink/?LinkId=15299.
Allow access in both directions, inbound and outbound.
If you are using a firewall that does not manage RPC connections, you will need to modify the registry on the computers involved to limit RPC secondary outbound ports to 5000-5020 (or whatever your preferred ports are) for Microsoft Distributed Transaction Coordinator (MSDTC).
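The registry change described above, as an added example that is not part of the original page. It assumes the standard RPC `Internet` key under `HKLM\SOFTWARE\Microsoft\Rpc`, an elevated PowerShell session, and a Windows version that provides `Get-NetTCPConnection`; the function names are hypothetical.

```powershell
# Added example. Function names are hypothetical; run from an elevated prompt.
$RpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

function Set-RpcPortRange {
    param([string]$Range = '5000-5020')   # range from the text; use your own if preferred
    if ($Range -notmatch '^\d+-\d+$') { throw "Expected LOW-HIGH, got '$Range'" }
    if (-not (Test-Path $RpcKey)) { New-Item -Path $RpcKey -Force | Out-Null }

    # Ports (REG_MULTI_SZ): ports or ranges RPC may allocate dynamic endpoints from
    New-ItemProperty -Path $RpcKey -Name Ports -PropertyType MultiString `
        -Value @($Range) -Force | Out-Null
    # PortsInternetAvailable = Y: the Ports list is the set of Internet-available ports
    New-ItemProperty -Path $RpcKey -Name PortsInternetAvailable -PropertyType String `
        -Value 'Y' -Force | Out-Null
    # UseInternetPorts = Y: RPC servers draw from the Internet-available set by default
    New-ItemProperty -Path $RpcKey -Name UseInternetPorts -PropertyType String `
        -Value 'Y' -Force | Out-Null

    # Read the values back so the change can be recorded
    Get-ItemProperty -Path $RpcKey |
        Select-Object Ports, PortsInternetAvailable, UseInternetPorts
}

function Test-MsdtcPortRange {
    # After the restart: list MSDTC listeners and flag any outside the range
    param([int]$Low = 5000, [int]$High = 5020)
    $dtc = Get-Process -Name msdtc -ErrorAction SilentlyContinue
    if (-not $dtc) { Write-Warning 'msdtc.exe is not running'; return }
    Get-NetTCPConnection -State Listen -OwningProcess $dtc.Id -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort,
            @{ Name = 'InRange'
               Expression = { $_.LocalPort -ge $Low -and $_.LocalPort -le $High } }
}

Set-RpcPortRange -Range '5000-5020'
# The setting takes effect after the computer is restarted; then run:
# Test-MsdtcPortRange -Low 5000 -High 5020
```

Any listener reported with `InRange` set to `False` means the firewall rule for 5000-5020 will not cover MSDTC traffic from that computer.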
| Port | Use |
|---|---|
| 389 | Active Directory name resolution |
| 88 | Active Directory authentication |
You only need to open these ports in the following situations:
- Between domain controllers, open 53, 389 and 445.
- Between Business Desk and the SQL and Analysis Servers, open 135 (DTC), 1433 (SQL) and 2393/2394 (OLAP).
For step-by-step instructions that walk you through a sample Commerce Server deployment that includes three firewalls, see "Deploying a Secure Site" on the Microsoft TechNet Web site, located at http://go.microsoft.com/fwlink/?LinkId=8487.