[ngw] SLES15 and GW Mobility

Craig Meads craigm at cwise.co.nz
Sun Oct 10 23:26:45 UTC 2021


For those that are interested, I have resolved this now.

The issue seems to be that the Firewall configuration GUI in Yast is buggy.

I installed firewall-config with Zypper and used that. It showed, for example 443-447 TCP, but, there was no Protocol, so I added TCP, and the result was immediate. (I decided to use leave the Public Zone as the default, and put the entries in that zone.

The Yast GUI, although showing 443-447 has no place to make TCP an allowed Protocol. It's like it's missing some options.

Maybe I'll upgrade to SP3 and see if that is better.

Cheers

Craig
>>> "Craig Meads" <craigm at cwise.co.nz> 9/10/2021 07:32 >>>
Yes, GMS connects to GW fine. Typing this on my phone, as firewall is inactive. SSH is added, but made no change. I have raised an SR.CheersCraigSent from my Galaxy<div>
</div><div>
</div><!-- originalMessage --><div>-------- Original message --------</div><div>From: James Taylor <James.Taylor at eastcobbgroup.com> </div><div>Date: 9/10/21  2:50 am  (GMT+12:00) </div><div>To: ngw at ngwlist.com </div><div>Subject: Re: [ngw] SLES15 and GW Mobility </div><div>
</div>
>>> "James Taylor" <James.Taylor at eastcobbgroup.com> 10/09/2021 02:51 >>>
That seems a bit odd. 
Is the GMS communicating with the GW server?
If so, the only port that should be needed for the device connections is 443.
You are connecting devices with port 447? Seems like that could be problematic if they are running on wifi behind proxies or firewalls.
Are all of these services running on one server?
If I do have to have two different services using the same port on one server, I usually bind a secondary address and make sure each service is listening exclusively on it's dedicated address so I don't have to worry about using non-standard ports.
Also, I usually proxy all of my webservices, so my external ports are always 443.
I don't do a lot with the local server firewall, but if you allow sshd it will external access, and it would be a pretty good model for allowing other services externally.
-jt


James Taylor
678-697-9420
james.taylor at eastcobbgroup.com



>>> "Craig Meads" <craigm at cwise.co.nz> 10/7/2021 11:45 PM >>> 
A quick question:

I have installed a SLES 15 SP2 machine, with GW Web on it, and commercial certificate - all working good.

I have installed GMS 18.3.2 on it, with commercial certificate, but devices will only connect if the Firewall is switched off.

I have "External" on the Firewall set with ports 4500, 8120,443-447, 7191   GW Web connects via port 446 (443 is used on the GroupWise Server for the old Webaccess still) and the mobiles connect via 447.

Is there something else I am missing on the Firewall side of things with SLES 15? I can't seem to find any documentation on the SLES 15 Firewall (Yast) for GMS.

Cheers

Craig

11 Gover St, PO Box 279
New Plymouth 4340, New Zealand
Ph 64 6 7575767
Mob 64 21 420521

craigm at cwise.co.nz, www.cwise.co.nz 




_______________________________________________
ngw mailing list
ngw at ngwlist.com
http://ngwlist.com/mailman/listinfo/ngw





More information about the ngw mailing list