1. Security Guide
  2. Guidelines for Assigning Ports on Firewalls

Guidelines for Assigning Ports on Firewalls

This topic provides guidelines for assigning ports when setting up firewalls for your Siebel CRM implementation.

Configure communication ports as follows:

  1. Set up the external firewall to enable HTTPS (default port 443) communications between external Siebel Web Clients in the Internet zone and the IP address of the Load Balancer/Reverse Proxy in the demilitarized zone according to the security parameters set on the Application Interface.

    Open the reverse proxy port configured on the reverse.

  2. Set up the choke firewall (the firewall between the demilitarized zone and the intranet) as follows:

    • For communications from the Load Balancer/Reverse Proxy to the Application Interface, enable the Application Interface HTTP/HTTPS port (the default ports are 80/443)

    • For communications from the Application Interface to the Siebel Server, use the SCBroker port (Siebel load balancing) for Transmission Control Protocol (TCP) traffic. The default port used by SCBroker is 2321.

    • For communications from the Application Interface to the gateway, use the gateway port (the default port 2320).

    • For communications from the Application Interface to the database, use the database port.

    Note: For inbound connections into the Siebel environment (such as, Siebel Web Client to Application Object Manager connections, inbound Web Services requests, inbound HTTP rRequests, inbound RESTFul API requests), use the Siebel Application Interface HTTPS port 8011. For outbound connections (such as, Siebel application server to application container connections, Siebel outbound REST requests, outbound EAI HTTP/HTTPS requests, outbound Web Services requests, outbound Java/JMS integrations) , use Siebel Server HTTP port 8002.

  3. Oracle recommends placing an internal firewall between the intranet zone and the internal highly secure zone, then setting up the internal firewall as follows:

    • Enable port 636 for the secure transmission of authentication information between the security adapter and the Siebel Servers. (The default port is 389.)

    • For communications between the Siebel Server and the Siebel database, enable the following default ports:

      • Microsoft SQL: TCP ports 1433, 139 and UDP ports 137, 138 (ports 137–139 are for communications between the Siebel Server and the Siebel File System).

      • 1521 (Oracle)

      • 50000 (DB2)

Note: Even though Siebel Server and the Cloud Gateway are usually in the same network security zone, the gateway port must be open (the default port is 2320).

For more information on port allocations used by Siebel CRM, see Default Port Allocations.