Shared Folders and Ports to Be Openend (DMZ)

The message port 8020 (default) must be enabled bidirectionally between the inner Lobster_data and the DMZ server.

In addition, if the SSH module is licensed, port 22 must be opened from the inner Lobster_data to the DMZ server, otherwise FTP port 21.

To allow the DMZ server to be monitored and administered internally, it is recommended that ports 21 (FTP), 22 (SSH), 25 (SMTP), 80 (HTTP), 443 (HTTPS), 3305 (OFTP TCP), 6619 (OFTPS), 9000 (Admin Console) are opened internally to the DMZ server.

For incoming HTTP/HTTPS requests (web services) that come via the DMZ server, you should consider forwarding them to the internal system.

Important note: Of course, the ports mentioned are only to be opened if you actually use the respective communication and if there is no deviation from these standard ports.

Important note: If two or more DMZ servers are used, a shared directory (file share) is required for folders with transaction data (./as2, ./as4, ./transfer). You need a TCP/IP load balancer that can determine which of the DMZ servers can be reached. Some firewalls can also take care of this.