Siebel Security Hardening Guide > Securing the Network and Infrastructure > About Securing the Network Infrastructure >

Guidelines for Assigning Ports on Firewalls

This topic provides guidelines for assigning ports when setting up firewalls in a Siebel Business Applications implementation.

Configure communication ports as follows:

• Set up the external firewall to enable HTTP (default port 80) and HTTPS (default port 443) communications between external Siebel Web Clients in the Internet zone and the IP address of the Web server in the demilitarized zone according to the security parameters set on the Siebel Web Server Extension (SWSE).
• Set up the choke firewall (the firewall between the demilitarized zone and the intranet) as follows:
  • For communications from the Web servers to the Siebel Server, use the SCBroker port (Siebel load balancing) or the virtual port of a third-party HTTP load balancer for Transmission Control Protocol (TCP) traffic. The default port used by SCBroker is 2321.
  • For communications from the Web servers to the Gateway Name Server, enable port 2320.
• If you choose to place an internal firewall between the intranet zone and the internal highly secure zone, then set up the internal firewall as follows:
  • Enable port 636 for secure transmission of authentication information between the security adapter and the Siebel Servers. (The default is port 389.)
  • For communications between the Siebel Server and the Siebel database, enable the following default TCP ports:
    • 1433 (Microsoft SQL)
    • 1521 (Oracle)
    • 50000 (DB2)
  • (Microsoft SQL only) Enable TCP port 139 and UDP ports 137 and 138 for communications between the Siebel Server and the Siebel File System.

For additional information on the default port allocations used by Siebel Business Applications, see Default Port Allocations. For additional information on firewalls, see Network Zones and Firewalls.