Giter VIP home page Giter VIP logo

Comments (3)

nshampur avatar nshampur commented on July 27, 2024

good find. Fix looks almost good. We should however make sure it does not break any HTTP calls made by automation.
Can you parameterize this and set the default to match current behavior.
Our lab/test environments have firewalls disabled, so we likely missed this scenario.

from arcgis-powershell-dsc.

spitzerr avatar spitzerr commented on July 27, 2024

If we parameterize this, the Firewall-Rule for Portal should be adjusted to open Port 7080 (-> non SSL-Port) if Switch is off.

from arcgis-powershell-dsc.

spitzerr avatar spitzerr commented on July 27, 2024

We should however make sure it does not break any HTTP calls made by automation.

I can't see any HTTP calls to Portal made by automation, so it should be fine from this perspective.

On the other hand the Firewall Rules for Portal seem a little bit messed up according to this Docu:
https://enterprise.arcgis.com/en/portal/latest/administer/linux/ports-used-by-portal-for-arcgis.htm
compared with

arcgis-powershell-dsc/Modules/ArcGIS/Configuration/ArcGISConfigure.ps1

Lines 751 to 828 in 2fcd4f5

$IsMultiMachinePortal = (($AllNodes | Where-Object { $_.Role -icontains 'Portal' } | Measure-Object).Count -gt 1)
if($IsMultiMachinePortal -or ($ConfigData.PortalEndPoint -as [ipaddress]))
{
xFirewall Portal_FirewallRules
{
Name = "PortalforArcGIS"
DisplayName = "Portal for ArcGIS"
DisplayGroup = "Portal for ArcGIS"
Ensure = 'Present'
Access = "Allow"
State = "Enabled"
Profile = ("Domain","Private","Public")
LocalPort = ("7080","7443","7654")
Protocol = "TCP"
}
$Depends += @('[xFirewall]Portal_FirewallRules')
}
else
{ # If single machine, need to open 7443 to allow federation over private portal URL and 6443 for changeServerRole
xFirewall Portal_FirewallRules
{
Name = "PortalforArcGIS"
DisplayName = "Portal for ArcGIS"
DisplayGroup = "Portal for ArcGIS"
Ensure = 'Present'
Access = "Allow"
State = "Enabled"
Profile = ("Domain","Private","Public")
LocalPort = ("7443")
Protocol = "TCP"
}
xFirewall ServerFederation_FirewallRules
{
Name = "ArcGISforServer-Federation"
DisplayName = "ArcGIS for Server"
DisplayGroup = "ArcGIS for Server"
Ensure = 'Present'
Access = "Allow"
State = "Enabled"
Profile = ("Domain","Private","Public")
LocalPort = ("6443")
Protocol = "TCP"
}
}
if($IsMultiMachinePortal)
{
xFirewall Portal_Database_OutBound
{
Name = "PortalforArcGIS-Outbound"
DisplayName = "Portal for ArcGIS Outbound"
DisplayGroup = "Portal for ArcGIS Outbound"
Ensure = 'Present'
Access = "Allow"
State = "Enabled"
Profile = ("Domain","Private","Public")
RemotePort = ("7654","7120","7220", "7005", "7099", "7199", "5701", "5702") # Elastic Search uses 7120,7220 and Postgres uses 7654 for replication, Hazelcast uses 5701 and 5702 (extra 2 ports for situations where unable to get port)
Direction = "Outbound"
Protocol = "TCP"
}
$Depends += @('[xFirewall]Portal_Database_OutBound')
xFirewall Portal_Database_InBound
{
Name = "PortalforArcGIS-Inbound"
DisplayName = "Portal for ArcGIS Inbound"
DisplayGroup = "Portal for ArcGIS Inbound"
Ensure = 'Present'
Access = "Allow"
State = "Enabled"
Profile = ("Domain","Private","Public")
LocalPort = ("7120","7220", "5701", "5702") # Elastic Search uses 7120,7220, Hazelcast uses 5701 and 5702
Protocol = "TCP"
}
$Depends += @('[xFirewall]Portal_Database_InBound')
}

From my perspective:

  • Open 7080 in first else branch as well.
  • Don't open 6443 on any part as it is ArcGIS Server Port and is only necessary if ArcGIS Server is installed on that machine.
  • Port 5703 is missing for HA-Portal (IsMultimachinePortal)
  • According to Docu Ports 7120, 7220 and 7654 are only local ports (so Outbound should be sufficent)

Could you please advise on these findings?

from arcgis-powershell-dsc.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.