
Question

Default Laserfiche Ports Diagram

asked on January 17, 2019

I would like to request that the Default Laserfiche Ports White Paper include a diagram of the different Laserfiche Products that are mentioned in the paper that shows the paths of communication with their appropriate ports between each product. It would also be nice if this included a Primary Forms server and a Forms Server in a DMZ. We get asked for this on a regular basis and it would be nice to have an official one from Laserfiche.

18 0

Replies

replied on January 23, 2019

I have taken what Samuel so graciously put together and expounded on it a bit. If someone would like to take a look and give me any feedback on corrections or changes that need\should be made, please let me know. I am uncertain about the DMZ items.

12 0
replied on January 23, 2019

I do understand that there are situations where the DMZ setup for Forms may be different, but I am assuming that if they are, someone would just follow the "Hosting Laserfiche Forms 10 In a Perimeter Network (DMZ)" white paper. There could also be more than 1 DMZ server and communication with those would need to be figured out for an STS instance as well.

2 0
replied on July 16, 2021

@████████, thanks for sharing this diagram. Question here. Focusing in on the slew of ports required for the web apps (referencing the ports whitepaper):

How would this be different if it wasn't in a DMZ? I saw on the whitepaper that there were several listed as 'internal communication' (8089 & 8188). That would lead me to think the others (shown above) are NOT for internal communication. 

We are setting firewall rules and I can't seem to figure out the source & destination for those ports. Any ideas?

I noticed that @████████'s diagram did not include them, which made me consider the possibility that they are for internal communication.

Thanks again for getting the ball rolling with this post and your diagram! 

0 0
replied on July 16, 2021

If you had two internal Forms servers, the 2nd server would need to communicate to the primary server with those same ports. If you only have one server, though, it does that locally so no firewalls have to be opened.

3 0
replied on July 16, 2021

fantastic. thank you sir!

0 0
replied on August 2, 2021

Hi Blake,

For Office integration (with LF v11, and LFDS users), you also need port 443 from "Public User" directly to "Laserfiche Server." It doesn't work through the DMZ. Though you might want to put a port-forwarding service in between.

-Ben

2 0
replied on June 30, 2023

Hi Blake,

If you are still keeping this diagram updated, there's a newer licensing port:

Notifications: Subscribe to receive updates from Directory Server: 5055

Does anyone know if LFDS opens the port, or if the Repo does? 

Edit: The LFDS server sends a notification to subscribers, advising them to request an update.

2 0
replied on January 22, 2019

Hi all,

I can provide an unofficial network port diagram with directional flows. 

Though it won't cover every possible configuration, it does hit upon the flows between most core Laserfiche components. Please note that an actual load balancer/proxy is not required - that box describes traffic flows from end users. Any of the ports labeled 443 could also be 80 (unencrypted) except for those to LFDS/STS.

Please also note that the Laserfiche Activation service IP address is subject to change. You can always check it by pinging activation.laserfiche.com and seeing what the address resolves to.

Laserfiche Data Flows - Generic - 2019-01-21.png
8 0
replied on January 23, 2019

@████████, thank you for this! This is a great start. We look forward to an official diagram in the future.

1 0
replied on January 23, 2019

What is port 389 used for? I do not see that port listed in the Default Ports document.

3 0
replied on January 23, 2019

389 is the Active Directory port.

2 0
replied on January 23, 2019

Thank you Chris.

2 0
replied on January 25, 2021

All - in addition to adding generic network diagrams, could the white paper also please provide standard differentiation between client and server applications and UDP and TCP?

The document should specify if the port is a server requirement so that the organization can specify firewall configurations of products for the server environment or end users. They should not share the same policies.

Maybe adapt the tables to list the following information:  

  • Application,
  • Source (Client/Server),
  • Destination (Client/Server), and
  • Port (TCP/UDP). 

 

Knowing this information would help simplify the information to be specific to role/use.  

Some of the diagrams that Sam provides could be used to provide the generalized knowledge on some of the external Microsoft / system ports often required. 

Thanks for the consideration. 

4 0
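The table layout proposed in the post above (Application, Source, Destination, Port/Protocol) can be turned into directional firewall rules once each product is mapped to a host and zone. The following is an added example, not part of the thread and not Laserfiche's own tooling; the host names, zone placement, TCP labels and the source of the 389 flow are assumptions, while the 443 and 5055 directions follow what posters state in this thread.

```python
from collections import namedtuple

# One row per flow, using the columns proposed in the post above.
Flow = namedtuple("Flow", "application source destination port proto")

# Constructed sample rows. Directions for 443 and 5055 follow statements in
# this thread; the TCP labels and the 389 source are assumptions.
FLOWS = [
    Flow("Web Client to repository", "Web Client", "Laserfiche Server", 443, "TCP"),
    Flow("LFDS notifications", "LFDS", "Laserfiche Server", 5055, "TCP"),
    Flow("Active Directory lookup", "LFDS", "Active Directory", 389, "TCP"),
]

# Hypothetical placement of each product: (host, zone).
PLACEMENT = {
    "Web Client": ("web01", "dmz"),
    "Laserfiche Server": ("app01", "internal"),
    "LFDS": ("app01", "internal"),
    "Active Directory": ("dc01", "internal"),
}

def firewall_rules(flows, placement):
    """Return (crossing, same_zone, local) lists of flows.

    crossing:  source and destination sit in different zones, so the
               perimeter firewall needs a rule in that direction only.
    same_zone: different hosts in one zone; matters only if host firewalls
               or internal segmentation filter that traffic.
    local:     both products share a host, so nothing has to be opened.
    """
    crossing, same_zone, local = [], [], []
    for f in flows:
        src_host, src_zone = placement[f.source]
        dst_host, dst_zone = placement[f.destination]
        rule = (src_host, dst_host, f.port, f.proto, f.application)
        if src_host == dst_host:
            local.append(rule)
        elif src_zone != dst_zone:
            crossing.append(rule)
        else:
            same_zone.append(rule)
    return crossing, same_zone, local

if __name__ == "__main__":
    crossing, same_zone, local = firewall_rules(FLOWS, PLACEMENT)
    for label, rules in (("perimeter", crossing), ("intra-zone", same_zone), ("local", local)):
        for src, dst, port, proto, app in rules:
            print(f"{label:10} {src} -> {dst} {proto}/{port}  # {app}")
```

Changing an entry in `PLACEMENT` (for example moving LFDS to its own host) shows which flows stop being local and start needing a rule.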
replied on August 4, 2023

It's been a while since I posted an update of the port diagram from above. The one below is more up to date but is still probably missing some items. One missing item is the communication for Audit Trail now that Forms communicates with Audit Trail.

3 0
replied on January 29, 2019

Is port 8188 (Laserfiche Authentication Service) used in a Rio environment?

2 0
replied on April 25, 2019

We have a client that is seeing port 135 being used with Forms. What is communicating on that port?

2 0
replied on January 18, 2019

We can consider this request, but one difficulty I foresee is that there are many possible combinations of Laserfiche products. There isn't going to be one definitive diagram that will apply to everyone. At best, we can show diagrams for a few common combinations.

1 0
replied on January 18, 2019

Leif, I understand that everyone's setup could be any number of combinations of servers and products. I think what would be the most helpful is to show a diagram with each Laserfiche product (regardless of what server they sit on) and the communication paths that happen between each product and on what ports.

From that I can communicate to the client what Laserfiche products sit on which of their servers and translate it, but right now we don't have any official document from Laserfiche to go off of to start.

5 0
replied on January 21, 2019

If possible, having directional arrows that show if the port is used for an outbound communication or an inbound one would be helpful.

1 0
replied on January 21, 2019

This would be extremely helpful.

0 0
replied on January 21, 2019

I would also like to weigh in here, this would be a very useful resource.

1 0
replied on January 22, 2019
1 0
replied on January 18, 2019

I agree this would be an amazing resource. 

0 0
replied on January 28, 2019

Thanks for the suggestions. We'll work on releasing a paper including Sam's diagram (or some variant thereof).

0 0
replied on January 28, 2019

Please make sure it includes a DMZ as that is usually the main issue since firewall configurations are more likely needing adjustments going from the internal network to the DMZ. The majority of the time internal communications between servers are not blocked.

4 0
replied on October 8, 2019

Hi Leif,

Was a paper ever released with this info on?

 

 

0 0
replied on January 9, 2020

This resource has been really useful to me as I'm currently also working on a diagram for one of my projects.

Regarding the diagram above, I was wondering why there are flows from the Laserfiche Server to the Web Client on 80/443 and 5051?

0 0
replied on January 9, 2020

Port 80/443 is used for communication between the Web Client server and Laserfiche Server. Port 5051 is used for Laserfiche Server broadcast notifications. I am honestly not sure if that port is used between the Web Client server and Laserfiche Server.

1 0
replied on January 9, 2020

Laserfiche Server does not need to connect to Web Client over 80/443. That traffic is one-way from Web Client to Laserfiche Server. I'm not actually sure why I have that in my diagram.

0 0