You can configure Crystal Enterprise to work with different types of firewalls. This section explains how to configure Crystal Enterprise to work with different firewalls in different scenarios. This section assumes that the Web Connector and the Web Component Server (WCS) reside on separate computers. (If they reside on the same computer, their communication is uninterrupted by firewalls, and no additional configuration is required.)
In most cases, clients access protected information through a web server running in a Demilitarized Zone (DMZ). A DMZ is a network area that is neither part of the internal network nor directly part of the Internet. Typically, the DMZ is set up between two firewalls: an outer firewall and an inner firewall.
The only Crystal Enterprise component that needs to provide direct service to external clients is the Web Connector, which must be installed on the web server. When a client makes a request to the Web Connector, the Web Connector makes a TCP/IP request to the WCS on a specific port (the default port is 6401). The most logical and secure way to position the web server and the Web Connector is to place them in the DMZ. All the other Crystal Enterprise components can then be placed on the internal network.
Click the appropriate link to jump to that section:
| Crystal Decisions, Inc. http://www.crystaldecisions.com Support services: http://support.crystaldecisions.com |