Nowadays, using multiple layers of security to protect your data is no longer a luxury; it is non-negotiable. Further, you need to ensure your Sitecore solution keeps functioning and communicating with your integrated services (e.g. SQL, Mongo, Solr) while maintaining the same level of security.

Let's imagine a scenario where every server has a firewall in place, determining what is allowed through and what is not. Without proper rules, your Sitecore solution won't be able to establish the necessary connections.

Definitive guide to Sitecore firewall rules

So, what's the plan? Initially, there are two questions that could help:

  • What is the source and destination?
  • Which ports does Sitecore need to connect to in order to establish a connection?

As Sitecore is initiating the communication, the only port that matters is the Destination port. Additionally, each of the servers (in our scenario: SQL, Mongo and SOLR) has a known default port, as follows:

  • SQL - 1433/TCP
  • MongoDB - 27017/TCP
  • SOLR - 8983/TCP

When one of these services was initially installed, a non-default port may have been chosen. In that case the firewall rule has to reference the non-default port rather than the default one, so be sure to take note of which ports were chosen.

Our imaginary scenario covered only three (SQL, Mongo, SOLR) of the many services with which Sitecore may need to communicate. So, in order to avoid risks during the execution of your Sitecore project, here is the definitive guide to default port communication:

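| Source | Module | Destination | Destination Port |
|---|---|---|---|
| Sitecore | - | SQL Server | 1433/TCP |
| Sitecore | - | MongoDB | 27017/TCP |
| Sitecore | - | SOLR | 8983/TCP |
| Sitecore | Active Directory Module | Active Directory Server | 389/TCP |
| Sitecore | Active Directory Module | Active Directory Server | 445/TCP |
| Sitecore | PXM Module | Dashboard Service | 8070/TCP |
| Sitecore | PXM Module | InDesign Server | 8081/TCP |
| Sitecore | EXM Module | Mail Server | 587/TCP |
| Sitecore | WFFM Module | Mail Server | 587/TCP |
| Sitecore | CRM Module | CRM Server | 5555/TCP |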
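One way to apply and verify the three core rows of the table above on a Windows-hosted Sitecore server, as an added example that is not part of the original post. The addresses are constructed placeholders from the 192.0.2.0/24 documentation range, and the rule names and the `$destinations` inventory are assumptions to adapt to your environment.

```powershell
#Requires -RunAsAdministrator
# Added example: scoped outbound allow rules plus a reachability check.
# Addresses are constructed placeholders (192.0.2.0/24 documentation range).
# Change Port if a non-default port was chosen at install time.
$destinations = @(
    [pscustomobject]@{ Name = 'SQL Server'; Address = '192.0.2.10'; Port = 1433  }
    [pscustomobject]@{ Name = 'MongoDB';    Address = '192.0.2.20'; Port = 27017 }
    [pscustomobject]@{ Name = 'SOLR';       Address = '192.0.2.30'; Port = 8983  }
)

foreach ($d in $destinations) {
    # Hypothetical naming convention so the rules are easy to audit later.
    $ruleName = "Sitecore outbound - $($d.Name) $($d.Port)/TCP"

    # Idempotent: skip rules that already exist instead of duplicating them.
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        # Scope the rule to one remote host and one remote port, not "any".
        New-NetFirewallRule -DisplayName $ruleName `
            -Direction Outbound -Action Allow -Protocol TCP `
            -RemoteAddress $d.Address -RemotePort $d.Port | Out-Null
    }
}

# Verify from the Sitecore server that each destination port answers.
# A failure here with the outbound rule in place usually means the
# destination server's own firewall lacks the matching inbound rule.
$results = foreach ($d in $destinations) {
    $probe = Test-NetConnection -ComputerName $d.Address -Port $d.Port `
        -WarningAction SilentlyContinue
    [pscustomobject]@{
        Destination = $d.Name
        Address     = $d.Address
        Port        = $d.Port
        Reachable   = $probe.TcpTestSucceeded
    }
}

$results | Format-Table -AutoSize
```

The outbound rules only change behaviour when the firewall profile's default outbound action is Block; with the Windows default of Allow, the reachability check is the part that tells you whether the destination side is open.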

Additionally, be aware that sometimes your Sitecore solution makes calls to Google, Azure services or other systems. If the firewall blocks outbound traffic, these communications need to be allowed.
