Skip past navigation linksSecure Global Desktop 4.31 Administration Guide > Security > Using Secure Global Desktop with the HTTPS port through a firewall

Using Secure Global Desktop with the HTTPS port through a firewall

Problem

Your firewall only allows web access from the Internet via port 443. You need Secure Global Desktop to use this port as well.

Solution

Reconfigure Secure Global Desktop to listen on port 443. Then use the Firewall Forwarding facility to allow Secure Global Desktop to forward any traffic not related to Secure Global Desktop to your web server.

Case study

Indigo Insurance, has their firewall configured to only allow HTTPS access (on port 443) from the Internet. They do not want to open any additional ports so their array of Secure Global Desktop servers must use the same port as well.

Solution

  1. In Array Manager, select Array and click the Properties button.
  2. Change Port Numbers, Encrypted connections from 5307 to 443.
  3. For each Secure Global Desktop server in the array, use tarantella config list --array-port-encrypted to check that the change to the port number has taken effect.
  4. Reconfigure each web server in the array to listen on localhost port 443. For the Secure Global Desktop Web Server, edit the <IfDefine SSL> section in the httpd.conf file and change Listen 443 to Listen 127.0.0.1:443.
  5. For each Secure Global Desktop server in the array, select Security properties and set Firewall Forwarding URL to https://127.0.0.1:443. (Alternatively, type tarantella config edit --security-firewallurl https://127.0.0.1:443 from a command line.)
  6. If you are using the browser-based webtop or you have developed your own web applications, you must also secure the SOAP connections to a Secure Global Desktop server.
  7. Restart each Secure Global Desktop Web Server in the array, tarantella webserver restart --ssl.
  8. Restart each Secure Global Desktop server in the array, tarantella restart command.

Next steps

Related topics