配置适用于非域成员的防火墙规则,以允许 BranchCache 流量Configure Firewall Rules for Non-Domain Members to Allow BranchCache Traffic

适用于:Windows Server(半年频道)、Windows Server 2016Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016

你可以使用本主题中的信息来配置第三方防火墙产品,并手动配置客户端计算机,使其具有允许 BranchCache 在分布式缓存模式下运行的防火墙规则。You can use the information in this topic to configure third party firewall products and to manually configure a client computer with firewall rules that allow BranchCache to run in distributed cache mode.

备注

  • 如果已使用组策略配置 BranchCache 客户端计算机,则组策略设置将覆盖应用策略的客户端计算机的任何手动配置。If you have configured BranchCache client computers using Group Policy, the Group Policy settings override any manual configuration of client computers to which the policies are applied.
  • 如果已使用 DirectAccess 部署 BranchCache,则可以使用本主题中的设置来配置 IPsec 规则以允许 BranchCache 流量。If you have deployed BranchCache with DirectAccess, you can use the settings in this topic to configure IPsec rules to allow BranchCache traffic.

Administrators中的成员身份或同等身份是进行这些配置更改所需的最低要求。Membership in Administrators, or equivalent is the minimum required to make these configuration changes.

[PCCRD]:对等内容缓存和检索发现协议[MS-PCCRD]: Peer Content Caching and Retrieval Discovery Protocol

分布式缓存客户端必须允许入站和出站 PCCRD 流量,这会在 Web Services 动态发现中携带 (WS-MANAGEMENT) 协议。Distributed cache clients must allow inbound and outbound MS-PCCRD traffic, which is carried in the Web Services Dynamic Discovery (WS-Discovery) protocol.

除了入站流量和出站流量外,防火墙设置还必须允许多播流量。Firewall settings must allow multicast traffic in addition to inbound and outbound traffic. 你可以使用以下设置来配置分布式缓存模式的防火墙例外。You can use the following settings to configure firewall exceptions for distributed cache mode.

IPv4 多播:239.255.255.250IPv4 multicast: 239.255.255.250

IPv6 多播: FF02:: CIPv6 multicast: FF02::C

入站流量:本地端口:3702,远程端口:暂时Inbound traffic: Local port: 3702, Remote port: ephemeral

出站流量:本地端口:暂时,远程端口:3702Outbound traffic: Local port: ephemeral, Remote port: 3702

程序:% systemroot% \system32\svchost.exe (BranchCache 服务 [PeerDistSvc] ) Program: %systemroot%\system32\svchost.exe (BranchCache Service [PeerDistSvc])

[PCCRR]:对等内容缓存和检索:检索协议[MS-PCCRR]: Peer Content Caching and Retrieval: Retrieval Protocol

分布式缓存客户端必须允许入站和出站 PCCRR 流量1.1,如请求注释 (RFC) 2616 中所述。Distributed cache clients must allow inbound and outbound MS-PCCRR traffic, which is carried in the HTTP 1.1 protocol as documented in request for comments (RFC) 2616.

防火墙设置必须允许入站和出站流量。Firewall settings must allow inbound and outbound traffic. 你可以使用以下设置来配置分布式缓存模式的防火墙例外。You can use the following settings to configure firewall exceptions for distributed cache mode.

入站流量:本地端口:80,远程端口:暂时Inbound traffic: Local port: 80, Remote port: ephemeral

出站流量:本地端口:暂时,远程端口:80Outbound traffic: Local port: ephemeral, Remote port: 80