Deploying Foldr in a DMZ scenario

A Foldr appliance is typically deployed directly in the local network (LAN); however, it can also be placed within a DMZ. In a DMZ scenario, the administrator usually has to explicitly specify which network ports are allowed to pass to the trusted internal network.

Network Ports

The following ports should be permitted from the DMZ appliance to the trusted network / LAN.

TCP 389 / 636 (LDAP / LDAPS) > Domain Controllers
UDP/TCP 53 (DNS) > Domain Controllers / DNS servers
TCP 445 (SMB) > File servers hosting SMB shares
TCP 30537 (Foldr web settings UI) > administrative workstations
TCP 2082 (SSH) > administrative workstations
TCP 80 / 443 (HTTP/HTTPS) > end user machines/devices
TCP 3306 (DB client access) > See client access section below
TCP 8983 (Search) > Search appliance
TCP 6379 (Caching) > Foldr DB / Infrastructure appliances (if used)

If a second Foldr appliance has been deployed inside the LAN for search indexing (to provide search functionality), you should also open TCP 8983 from the appliance in the DMZ to the search appliance.

In a DMZ deployment, it may be considered beneficial to store the configuration database on a separate appliance hosted on the LAN, leaving the appliance in the DMZ purely to serve client requests. More information on infrastructure and client access roles is available here:

https://kb.foldr.io/foldr-support/appliance-modes-infrastructure-client-access/

If a client access & infrastructure appliance model is used, you should also ensure TCP 3306 (DB access) is open between the DMZ and LAN appliances.
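
One way to check a proposed DMZ-to-LAN rule set against the backend-facing entries of the port list above, so that each port is opened only to the hosts that need it. This is an added example, not Foldr code: the function name, role names and rule format are hypothetical, and the addresses are constructed documentation addresses.

```python
import ipaddress

# Backend-facing entries from the port list: (protocol, port) -> destination role.
ALLOWED = {
    ("tcp", 389): "domain_controller", ("tcp", 636): "domain_controller",
    ("tcp", 53): "dns", ("udp", 53): "dns",
    ("tcp", 445): "file_server",
    ("tcp", 8983): "search_appliance",
    ("tcp", 3306): "infrastructure_appliance",
    ("tcp", 6379): "infrastructure_appliance",
}

# Constructed inventory (RFC 5737 documentation addresses): role -> LAN hosts.
INVENTORY = {
    "domain_controller": {"192.0.2.10", "192.0.2.11"},
    "dns": {"192.0.2.10", "192.0.2.11"},
    "file_server": {"192.0.2.20"},
    "search_appliance": {"192.0.2.30"},
    "infrastructure_appliance": {"192.0.2.31"},
}

def audit(rules):
    """Return (rule, reason) for each allow rule the port list does not justify."""
    findings = []
    for rule in rules:
        role = ALLOWED.get((rule["proto"].lower(), rule["port"]))
        if role is None:
            findings.append((rule, "port not in the documented list"))
            continue
        net = ipaddress.ip_network(rule["dst"], strict=False)
        if net.num_addresses > 1:
            findings.append((rule, f"destination is a range, expected one {role} host"))
        elif str(net.network_address) not in INVENTORY[role]:
            findings.append((rule, f"destination is not a known {role}"))
    return findings

# Constructed sample: allow rules proposed for the DMZ appliance towards the LAN.
SAMPLE_RULES = [
    {"proto": "tcp", "port": 636, "dst": "192.0.2.10"},      # LDAPS to a DC
    {"proto": "udp", "port": 53, "dst": "192.0.2.11"},       # DNS
    {"proto": "tcp", "port": 445, "dst": "192.0.2.20"},      # SMB to the file server
    {"proto": "tcp", "port": 445, "dst": "192.0.2.10"},      # SMB to a DC: not needed
    {"proto": "tcp", "port": 3389, "dst": "192.0.2.20"},     # port not on the list
    {"proto": "tcp", "port": 3306, "dst": "192.0.2.0/24"},   # whole subnet, too broad
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f'{rule["proto"]}/{rule["port"]} -> {rule["dst"]}: {reason}')
```
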
