Configuring the Firewall
Applies To: Windows Compute Cluster Server 2003
Configuring Windows Firewall on a cluster
As part of Compute Cluster Pack head node setup, you have the option to enable or disable Windows Firewall on the head node.
Your choices are:
Enable Windows Firewall
Selecting this option will enable Windows Firewall on the public interface of the head node and on any public network interfaces that exist on the compute nodes (as in network topology scenarios 2, 4, and 5). If your cluster has private or MPI networks, the firewall is disabled by default on those interfaces.
Disable Windows Firewall
Selecting this option will disable Windows Firewall on all head node network interfaces.
Important
If the head node is a domain controller, you must disable Windows Firewall.
To configure Windows Firewall on a compute cluster
On the Networking tile of the To Do List, click Manage Windows Firewall Settings (wizard).
On the Before You Begin page of the wizard, note the purpose of this wizard. Click Next to continue or Cancel to close the wizard.
On the Configure Firewall page, select one of the following:
Select Enable Windows Firewall to enable the firewall on all public network interfaces on the cluster head node and compute nodes.
Select Disable Windows Firewall to disable the firewall on all interfaces.
Click Next.
Windows Firewall settings on the head node are applied to compute nodes at the following times:
When the node is discovered and configured during setup.
Every 12 hours, the default refresh period for the SDM data store.
Whenever the cluster administrator runs the Manage Firewall Wizard and modifies, enables, or disables Windows Firewall.
For information about Windows Firewall, see Microsoft Networking Resources.
Port exemptions
Certain ports are placed on the firewall exemption list, depending on the cluster network topology chosen.
Head Node Exemption List in Topology Scenarios 1, 2, 3, and 4
Traffic to Head Node | Port |
---|---|
Job Scheduler | TCP 5969 |
SDM (data store) | TCP 9892 |
Management Service | TCP 6729 |
File and Print Services | Predefined service |
Remote Administration | Enabled |
Remote Desktop Service | Predefined service |
Head Node Exemption List in Topology Scenario 5
Traffic to Head Node | Port |
---|---|
Job Scheduler | TCP 5969 |
SDM | TCP 9892 |
Management Service | TCP 6729 |
File and Print Services | Predefined service |
Remote Administration | Enabled |
Remote Desktop Service | Predefined service |
Scheduler port for Node Management Service | TCP 5970 |
Compute Node Exemption List in Topology Scenarios 1, 2, 3, and 4
Traffic to Compute Node | Port |
---|---|
Management Service | TCP 6729 |
Remote Administration | Enabled |
Remote Desktop Service | Predefined service |
Compute Node Exemption List in Topology Scenario 5
Traffic to Compute Node | Port |
---|---|
Management Service | TCP 6729 |
Remote Administration | Enabled |
Remote Desktop Service | Predefined service |
Scheduler port for Node Management Service | TCP 5970 |
Node Manager | 1856 |
SMPD.EXE | Application Exemption |
Important
When you use Automated installation to install and configure a compute node, Windows Firewall is enabled on that compute node as part of the unattended RIS installation. After Compute Cluster Pack is installed (normally a very brief interval), the firewall is either enabled and configured or disabled, according to the Windows Firewall settings on the head node.
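The port exemption tables above can serve as a baseline for auditing a node's firewall. The following is an added example, not part of Compute Cluster Pack or the original page: it compares an inventory of port exemptions against the documented list for a role and topology scenario. The function names and the `PROTO PORT` inventory format are assumptions; predefined services and the SMPD.EXE application exemption are not covered.

```python
# Added example: port numbers come from the page's tables; everything else is assumed.
# A protocol of None means the page lists the port without naming a protocol.
HEAD_BASE = {("TCP", 5969): "Job Scheduler",
             ("TCP", 9892): "SDM (data store)",
             ("TCP", 6729): "Management Service"}
COMPUTE_BASE = {("TCP", 6729): "Management Service"}
SCHED_NODE_MGMT = {("TCP", 5970): "Scheduler port for Node Management Service"}
COMPUTE_S5_ONLY = {(None, 1856): "Node Manager"}

def expected_ports(role, scenario):
    """Return {(protocol, port): service} for a role in topology scenario 1-5."""
    if role not in ("head", "compute") or scenario not in range(1, 6):
        raise ValueError("role must be 'head' or 'compute', scenario 1-5")
    ports = dict(HEAD_BASE if role == "head" else COMPUTE_BASE)
    if scenario == 5:
        ports.update(SCHED_NODE_MGMT)
        if role == "compute":
            ports.update(COMPUTE_S5_ONLY)
    return ports

def parse_observed(text):
    """Parse 'PROTO PORT' lines (assumed inventory format) into a set of tuples."""
    observed = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # allow trailing comments
        if not line:
            continue
        proto, port = line.split()
        observed.add((proto.upper(), int(port)))
    return observed

def audit(role, scenario, observed):
    """Return (missing services, unexpected exemptions) for one node."""
    want = expected_ports(role, scenario)
    def matches(exp, obs):
        # Same port, and same protocol unless the page gives none.
        return exp[1] == obs[1] and exp[0] in (None, obs[0])
    missing = sorted(svc for exp, svc in want.items()
                     if not any(matches(exp, o) for o in observed))
    unexpected = sorted(o for o in observed
                        if not any(matches(exp, o) for exp in want))
    return missing, unexpected

# Constructed sample: a scenario-5 compute node with one stray exemption.
SAMPLE = "TCP 6729\nTCP 5970\nTCP 1856\nTCP 4444  # not in the page's list\n"
if __name__ == "__main__":
    print(audit("compute", 5, parse_observed(SAMPLE)))
```

A missing entry points to a cluster service that the firewall would block, while an unexpected entry is an exemption beyond the documented list that should be reviewed.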