Perimeter defense

Recommendations

Place the M3 Business Engine application server and the SQL Server machine behind a firewall to reduce their exposure to security vulnerabilities.

Open the following ports on the firewall

M3BE application server

When installing an M3 Business Engine environment, the following Firewall Inbound Rules are automatically created for that environment:

SQL server network ports – TCP

Windows firewall

The latest Microsoft Windows versions are delivered with Windows Firewall enabled. There are two ways to handle this situation: either disable Windows Firewall, or create inbound rules that allow client applications to connect to M3BE. When the built-in Windows Firewall is enabled on your M3 Business Engine application server, you must create exceptions that allow access to the ports listed above.

Firewall rules can be created in two ways: by allowing access to the ports opened by a process, or by opening explicit network ports. To create a firewall rule that allows network access to explicit ports, use the following command (this example is valid for Windows 2008 R2):

netsh advfirewall firewall add rule name="<name>" dir=in action=allow protocol=TCP localport=<port>
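
Both ways of creating a rule described above, scripted with the same netsh command as an added example (not part of the original documentation). The rule names, port list, client subnet and program path are placeholders, and the `remoteip` restriction is an addition that limits each rule to a known client range.

```powershell
# Added example. Every value in angle brackets is a placeholder to replace.
$Prefix    = 'M3BE-example'                        # hypothetical rule-name prefix (no spaces)
$Ports     = @('<port-1>', '<port-2>')             # ports required for your environment
$ClientNet = '<client-subnet-in-CIDR-notation>'    # only these addresses may connect
$Program   = '<full-path-to-M3BE-server-process>'  # used for the process-based rule

function Test-RuleExists([string]$Name) {
    # "show rule" exits non-zero when no rule has this name
    & netsh advfirewall firewall show rule "name=$Name" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Add-InboundAllowRule([string]$Name, [string[]]$Match) {
    # Skip rules that already exist so the script can be re-run safely
    if (Test-RuleExists $Name) {
        Write-Host "Rule already present, skipping: $Name"
        return
    }
    $ruleArgs = @('advfirewall', 'firewall', 'add', 'rule', "name=$Name",
                  'dir=in', 'action=allow', "remoteip=$ClientNet") + $Match
    & netsh $ruleArgs
    if ($LASTEXITCODE -ne 0) { throw "netsh could not create rule $Name" }
}

# Way 1: open explicit network ports, one rule per port
foreach ($port in $Ports) {
    Add-InboundAllowRule "$Prefix-tcp-$port" @('protocol=TCP', "localport=$port")
}

# Way 2: allow the ports opened by one process (normally used instead of way 1)
Add-InboundAllowRule "$Prefix-process" @("program=$Program")

# Print the resulting rules so they can be reviewed
& netsh advfirewall firewall show rule "name=$Prefix-process"
foreach ($port in $Ports) {
    & netsh advfirewall firewall show rule "name=$Prefix-tcp-$port"
}
```

Run it from an elevated PowerShell prompt on the application server; netsh rejects the placeholder values until they are replaced.
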

For considerations about a firewall installed on SQL Server, see "M3 Business Engine and Microsoft SQL Server - Best Practices" (SQL Server BPG) on the Xtreme Documentation Portal.