Comments on: Configuring Firewall Ports for FileMaker 9

By: Andreas

Andreas — Thu, 29 Jul 2010 11:02:19 +0000

Hi,

Is there a solution for discovering the FM Server on an other subnet/vlan?
Something like the “ip helper address” for forwarding dhcp requests to an dhcp server on an other subnet/vlan.
Due to changes in the network i have my FM Server on an other subnet/vlan and now the clients can’t start there FM programs because they can’t find the server. When pointing to the server it works because i opened tcp/5003 but it’s so much code that i rather come up with a network or server side solution than changing it everywhere.

Thanks,

Andreas.

By: Philippe Lazzaroni

Philippe Lazzaroni — Sat, 05 Jun 2010 10:01:41 +0000

Hi Geoff

I’ve heard there were some minors changes brought to the network ports with the release of FileMaker Server 11. Let me know if you update the diagram so I can update the French version as well.

Thanks

Philippe

By: Ray

Ray — Sun, 20 Dec 2009 04:33:05 +0000

Great diagram! This is probably pretty obvious to most, but I wanted to point out some typos with regard to some of the ports (let me know if I’m mistaken): under the “Web Publishing Engine” entity you’ve listed ports “16004-1607″ and “1608-16018″. I believe those should be “16004-16007″ and “16008-16018″. Thanks!

By: Chue

Chue — Thu, 26 Feb 2009 21:44:46 +0000

good thing i found this post. helped me out a lot with the explanations. i have a current problem pertaining to firewalls. we have an xserve running 10.5 server and fms 9. our server firewall has all the appropriate ports enabled. my problem came about because the school campus where we are located recently implemented a new security policy (border firewall). i think they closed many of the ports that filemaker uses and outside connection ceased. from the outside through VPN, i can get to the the iwp. through VPN, using a filemaker pro client, i cannot see the server.

we also have tons of people logging into the server through iwp that are not tech savvy enough to download and install the vpn client. we are asking the campus security folks to open 5003 to see if this clears it up. i thought that having 80 open would resolve this? i don’t know too much about firewalls but boy am i learning fast. any advice on what i should ask/request of the campus security folks?

By: Haim Roman

Haim Roman — Sun, 15 Feb 2009 07:51:30 +0000

No where do you specify whether the protocol is TCP or UDP. I’m trying now to configure our firewall for this, so this is important. I’m assuming everything is TCP, except port 5353 (mutlicast DNS, or host discovery). According to the multicast DNS draft (http://files.multicastdns.org/draft-cheshire-dnsext-multicastdns.txt), it seems that it’s UDP. I’m adding both protocols, but this should be mentioned.

By: sebman

sebman — Mon, 26 Jan 2009 13:57:54 +0000

ehm – i think there is a small typo:
On the Server Side, between “Web publishing Engine” and “Web Server” shouldn’t it be:
Web Data 16000, 16004-16007 (not 1607), and 16008 (not 1608) -16018…

btw: Nice Work – makes a lot clearer to me now!

By: Geoff Coffey

Geoff Coffey — Fri, 21 Nov 2008 04:41:17 +0000

Will:

We didn’t mention these ports because they don’t have any firewall implications. They are used by components of FileMaker server to communicate with one another, but not between components that typically run on separate computers.

I believe the “remote admin” requests in question are between the admin server (which is on port 16000) and the core server components.

I can see, in your case, how this info might be useful though.

Geoff

By: Will Loving

Will Loving — Thu, 20 Nov 2008 16:01:03 +0000

Great diagram, but I’m wondering why it’s leaving out ports 50003 and 50006 which are used FileMaker Server 9 Admin. As I understand it, FMS listens on 50003 for Remote Admin requests and that the actual Remote Admin service is handled over 50006 (which may or may not be correct).

I have a client who is running FMS9 on a Windows Server with IIS. They have run into a problem where their SmarterStats web statistics application is also using 50003 for communication with itself. Since there appears to be no way to change this port in either FMS or SmarterStat, we have to go to either disable the web stats or move to the expense of a dedicated box for FMS, which would be overkill given what FMS is being used for.

By: Geoff Coffey

Geoff Coffey — Mon, 21 Jan 2008 04:42:38 +0000

I just posted a Japanese version of the diagram, graciously provided by Shin Ninagawa of Splash Inc. Thanks Shin!

By: Harry Catharell

Harry Catharell — Wed, 12 Sep 2007 11:46:12 +0000

Excellent article and particulary the diagram which does say 1000+ words

As a minor side question as you mentioned the database server itself and the FMS components:

Does anyone ‘know’ exactly what the FMS Helper service does as this seems to be hogging quite a lot of processor cycles on our servers

Cheers
Harry