Update: I got it to work by concentrating on only 1 SRS and the "mandatory" ports [see web page in my previous email]. The user reports odd dropouts before getting to the Windows login so I'm going to add the other 2 SRSs in one FW rule request and the "recommended" and "optional" ports in another.
It turns out InfoSec was OK with the "dynamic" entry because it was only going to one server [well, 3 when I get done]. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Nishimura, Scott L (ESS) Sent: Tuesday, August 13, 2013 2:42 PM To: SunRay-Users mailing list Subject: EXT :[SunRay-Users] SRS + Firewall + TC: port question I'm looking into putting some TCs behind a firewall to satisfy certain security requirements. I found a good document detailing with the ports and directional flow http://docs.oracle.com/cd/E22662_01/E22659/html/Reqs-Ports-Protocols.html but the two mandatory entries that say "dynamic" worry me because my InfoSec will likely reject any request that can't specify a port or, at worst, a small range of ports. Dynamic/TCP unicast=>> ALP-AUTH <=unicast 7009/TCP (utauthd) Sun Ray Server Mandatory Presence, control, status Dynamic/UDP with port number >= 32768 unicast=> or unicast=>> when NAT is in use ALP-RENDER <<=unicast or <=unicast when NAT is in use Dynamic/UDP constrained by utservices-low and utservices-high Sun Ray Server Mandatory On-screen drawing, user input, audio Is there a way I can specify which port the communication goes over, increasing my chances that my Information Security team will approve the FW rule request? Solaris 10/update 8 SRSS 4.2 SRWC 2.2 Thanks. Scott _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
