Sharepoint Forum


Sharepoint firewall installation

  Asked By: Eddy    Date: May 15    Category: Sharepoint    Views: 868

Anyone deploying Sharepoint between firewalls? I need to separate the front end boxes from the application functions (search/index/database) and am looking for some architecture suggestions.



7 Answers Found

Answer #1    Answered By: Megan Martin     Answered On: May 15

Architecture wise between your front ends out in the wild and your backends? Most likely you really only need SQL opened between your front ends and the SQL. Additionally you'll probably need some sort of LDAP access between your domain controller and your front ends so that users can actually get on the site -- course if you're using local accounts then you shouldn't need anything.

Answer #2    Answered By: Donta Kirkland     Answered On: May 15

Actually, these aren't external networks. We have a highly compartmentalized data center involving many firewalls separating internal customer facing zones versus separated application server zones.

Answer #3    Answered By: Cade Velazquez     Answered On: May 15

So, can I assume that the only communication between the different servers is 1433 back to the content DB server? I was planning on having two web/search boxes, an index server, a job server and a clustered SQL instance.

Answer #4    Answered By: Ariana Christensen     Answered On: May 15

I can do that...the most important thing to protect IMHO is SQL/TCP1433

Scenario 1
Firewall -> WFEs/Search -IPSec-> Firewall(Open UDP500/TCP50) -> SQL/Index

Scenario 2
Firewall -> WFEs -IPSec-> Router(restrict IPs via ACLs) -> Search/Index -IPSec-> Firewall(Open UDP500/TCP50) -> SQL

We go a step further with Large farms and isolate the SAN/Backup networks.

I always use IPSec AH (TCP51) for connections, some just isolate/restrict inbound IPs on SQL Cluster to SPS Farm members and open required ports (good luck, there are some docs on this). You can use ESP (TCP50) for encapsulation, but you can't do IDS since you can't see the header info.

Answer #5    Answered By: Darrius Whitfield     Answered On: May 15

You need LDAP connections also...another good reason for IPSec. I think what he meant by firewalls was like a Screened or Dual-Screened subnet. And, you need a lot more than a SQL connection to make it work between firewalls/routers, even more with SSO, etc.

Answer #6    Answered By: Adrienne Greene     Answered On: May 15

You are correct with regard to the SSO, etc. Typically what I've found to be the best case is to turn logging on on the firewall and have it in a closed environment. Turn everything off and then open things up as they appear in the log.
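
One way to work through the firewall log when following the deny-then-open approach from Answer #6, as an added example that is not part of the original thread: it tallies dropped flows by zone and keeps traffic from unrecognized sources out of the allow-rule candidates. The log layout, zone subnets and addresses are constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample log; the "#Fields:" header layout is an assumption,
# adapt the column names to whatever your firewall actually exports.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2024-05-15 10:00:01 DROP TCP 10.1.1.11 10.2.2.21 49152 1433
2024-05-15 10:00:02 DROP TCP 10.1.1.12 10.2.2.21 49153 1433
2024-05-15 10:00:03 DROP TCP 10.1.1.11 10.3.3.5 49154 389
2024-05-15 10:00:04 ALLOW TCP 10.1.1.11 10.2.2.21 49155 1433
2024-05-15 10:00:05 DROP TCP 192.0.2.50 10.2.2.21 50000 1433
"""

# Hypothetical zone addressing for the farm discussed in the thread.
ZONES = {
    "WFE": ip_network("10.1.1.0/24"),
    "SQL": ip_network("10.2.2.0/24"),
    "DC": ip_network("10.3.3.0/24"),
}

def zone_of(ip):
    """Map an address to a named zone, or UNKNOWN if it is outside the farm."""
    addr = ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "UNKNOWN")

def denied_flows(log_text):
    """Count dropped flows as (src_zone, dst_zone, protocol, dst_port)."""
    fields, flows = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names from the header
        elif line.strip() and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split()))
            if rec.get("action") == "DROP":
                flows[(zone_of(rec["src-ip"]), zone_of(rec["dst-ip"]),
                       rec["protocol"], rec["dst-port"])] += 1
    return flows

def review_list(flows):
    """Separate farm-to-farm flows (rule candidates) from unknown endpoints."""
    candidates = sorted(k for k in flows if "UNKNOWN" not in k[:2])
    suspicious = sorted(k for k in flows if "UNKNOWN" in k[:2])
    return candidates, suspicious

if __name__ == "__main__":
    candidates, suspicious = review_list(denied_flows(SAMPLE_LOG))
    for flow in candidates:
        print("review for allow rule:", flow)
    for flow in suspicious:
        print("investigate, do not open:", flow)
```

A drop that appears in the log is only a candidate: each one still needs a known source zone and a documented reason before it becomes a rule.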

Answer #7    Answered By: Joshuah Huber     Answered On: May 15

Been there more times with more apps than I care to count!
