Firewall, Proxy Servers & Ports

Required Ports

For correct functionality of the whole service these ports should be available:

  • HTTP (Port 80): This is standard web traffic.
  • SSL (Secure Sockets Layer): Used for security. (The same as is used for bank transactions.)

SSL (Secure Sockets Layer)

The ports associated with SSL (Secure Sockets Layer) vary between proxy servers and firewalls. Normally there is a specific service that can cope with SSL as a whole, rather than requiring the configuration of specific ports, although if specific ports are required then further information can be given.

Port 443 is the control layer port for SSL. In a system where SSL is not allowed the port is closed, but the fact that a connection can be attained on port 443 does not necessarily mean that SSL will work. There is a range of about 15 other ports, dynamically allocated in band (that is, assigned by the information passed through port 443), which means that if the mechanism of assigning is not present, or is using the wrong version, then SSL will not maintain a session, and therefore a secure connection cannot be accomplished. This connection needs to be maintained for the duration of use, otherwise new keys would need to be generated at each request for data to the web server, i.e. each change of page, and that would be a lot of new keys! The ports used are part of the security of the system too: if the system were to use only a single port for SSL, then it would be possible to capture the entire session for a given user, thus invalidating the point of using SSL.

If you have a Proxy Server or Firewall that allows ICMP Traffic then you may issue a 'ping' command from your client to test that you have connectivity.
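A ping only shows ICMP reachability, and as noted above an open port 443 does not by itself mean SSL will work. The following check, an added example that is not part of the original page, separates the two cases: TCP reachable versus SSL/TLS handshake completed. The local listener and the status strings are constructed for illustration.

```python
import socket
import ssl
import threading

def check_port(host, port, use_tls=False, timeout=5.0):
    """Return 'tcp_blocked', 'tls_failed' or 'ok' for host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp_blocked"  # closed, filtered or unreachable
    with sock:
        if not use_tls:
            return "ok"
        ctx = ssl.create_default_context()  # verifies certificate and host name
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"  # handshake completed
        except OSError:  # ssl.SSLError is a subclass of OSError
            return "tls_failed"  # port open, but no SSL/TLS session

def start_plain_listener():
    """Constructed stand-in: accepts TCP but does not speak SSL/TLS."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    conn.sendall(b"HTTP/1.0 400 Bad Request\r\n\r\n")
                except OSError:
                    pass  # client already disconnected
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Run the three cases against local, constructed endpoints."""
    open_port = start_plain_listener()
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()  # nothing listens on this port any more
    return {
        "closed": check_port("127.0.0.1", closed_port),
        "open_plain": check_port("127.0.0.1", open_port),
        "open_tls": check_port("127.0.0.1", open_port, use_tls=True),
    }

if __name__ == "__main__":
    print(demo())
```

Against a real service, call check_port with the service's host name, once for port 80 and once for port 443 with use_tls=True; a result of 'tls_failed' on 443 points at the firewall or proxy SSL handling rather than at a closed port.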

Server IP Numbers

Servers that are required for the correct functioning of the application are:

  • Cadweb Firewall
  • Web Server
  • Virus Scanning Server

What is a Firewall?

A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to.

Basically, a firewall, working closely with a router program, filters all network packets to determine whether to forward them toward their destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources.

There are a number of firewall screening methods. A simple one is to screen requests to make sure they come from acceptable (previously identified) domain names and IP addresses. For mobile users, firewalls allow remote access in to the private network by the use of secure logon procedures and authentication certificates.

A number of companies make firewall products. Features include logging and reporting, automatic alarms at given thresholds of attack, and a graphical user interface for controlling the firewall.

Extracted from

What is a Proxy Server?

In an enterprise that uses the Internet, a proxy server is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.

A proxy server receives a request for an Internet service (such as a Web page request) from a user. If it passes filtering requirements, the proxy server, assuming it is also a cache server, looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.

To the user, the proxy server is invisible; all Internet requests and returned responses appear to be directly with the addressed Internet server. (The proxy is not quite invisible; its IP address has to be specified as a configuration option to the browser or other protocol program.)

An advantage of a proxy server is that its cache can serve all users. If one or more Internet sites are frequently requested, these are likely to be in the proxy's cache, which will improve user response time. In fact, there are special servers called cache servers. A proxy can also do logging.

The functions of proxy, firewall, and caching can be in separate server programs or combined in a single package. Different server programs can be in different computers. For example, a proxy server may be in the same machine with a firewall server or it may be on a separate server and forward requests through the firewall.

Extracted from

What are Ports?

1) On computer and telecommunication devices, a port (noun) is generally a specific place for being physically connected to some other device, usually with a socket and plug of some kind. Typically, a personal computer is provided with one or more serial ports and usually one parallel port. The serial port supports sequential, one bit-at-a-time transmission to peripheral devices such as scanners and the parallel port supports multiple-bit-at-a-time transmission to devices such as printers.

2) In programming, a port (noun) is a "logical connection place" and specifically, using the Internet's protocol, TCP/IP, the way a client program specifies a particular server program on a computer in a network. Higher-level applications that use TCP/IP such as the Web protocol, HTTP, have ports with preassigned numbers. These are known as "well-known ports" that have been assigned by the Internet Assigned Numbers Authority (IANA). Other application processes are given port numbers dynamically for each connection. When a service (server program) initially is started, it is said to bind to its designated port number. As any client program wants to use that server, it also must request to bind to the designated port number.

Port numbers are from 0 to 65536. Ports 0 to 1024 are reserved for use by certain privileged services. For the HTTP service, port 80 is defined as a default and it does not have to be specified in the Uniform Resource Locator (URL).

3) In programming, to port (verb) is to move an application program from an operating system environment in which it was developed to another operating system environment so it can be run there. Porting implies some work, but not nearly as much as redeveloping the program in the new environment. Open standard programming interfaces (such as those specified in X/Open's UNIX 95 C language specification and Sun Microsystems' Java programming language) minimize or eliminate the work required to port a program. Also see portability.

Extracted from
