NTC Firewall Configuration

Firewall configuration

The Stratodesk Virtual Appliance comes with a host firewall similar to that of any other contemporary server system. It is based on Linux's iptables mechanism and filters inbound packets, allowing only packets destined for selected services to go through.

Log in to the appliance web console and go to "Firewall" to open the firewall configuration screen.

The actual configuration is straightforward and consists of fixed allow/deny rules. Turning the firewall off allows ALL access.

The default configuration for new setups is to allow all selected services except the two "Legacy Center" services. If you experience problems with older client versions that may not Announce as expected, consider opening these ports up until things work, then set the URL Prefix correctly and finally turn the services off.

The two Legacy Center services refer to the original NoTouch Center ports 8080 and 8443. With the reverse proxy, it is not necessary to expose them to the outside world. For older installations it may still be necessary, though, either because the URL Prefix contains the port number 8080 or 8443 or because clients are too old to automatically try 80/443.

Firewall notes

The firewall "allow" rules include a rule for "related and established" traffic. That means that if you switch a service from Allow to Deny, for example, open connections will not be interrupted. This shows up in two ways, for instance:
  1. If you have a continuous ping running, it will not stop. However, if you interrupt it after changing to "deny" and start a new ping, the new ping will not go through.
  2. If you disable the WWW port you are currently connecting to, your browser session will continue for a while. However, if you close the browser tab after changing to "deny" and then go to the same URL again, it will not work any more.

Hint: Do not set everything to "deny" at once. If you play with the firewall settings, leave at least SSH open for recovery (see below). You will lock yourself out permanently if you disable ALL these services. If you do so, you will have to scrap the Virtual Appliance or undergo a complicated, unsupported boot-loader-modification procedure inside your hypervisor console. Don't do it.
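As an added example (not Stratodesk's code), the shell functions below lint an `iptables-save` dump for the pitfalls in these notes: SSH closed, a missing related/established rule, Legacy Center ports 8080/8443 exposed, or an INPUT policy of ACCEPT. They assume shell access to a host where `iptables-save` is available; the sample ruleset and the function names are constructed for illustration and do not reflect the appliance's actual chains.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (NOT the appliance's real ruleset).
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}

# has REGEX: true if the dump held in $rules contains a matching line.
has() { printf '%s\n' "$rules" | grep -Eq -e "$1"; }

# accepts PORT: true if an INPUT rule accepts TCP to exactly that port.
# Only plain "--dport N" rules are recognised (no multiport, no ranges).
accepts() { has "^-A INPUT .*-p tcp .*--dport $1 .*-j ACCEPT"; }

# audit_rules: reads a dump on stdin, prints one finding per line and
# returns 1 if there is any finding, 0 if the ruleset passes.
audit_rules() {
    rules=$(cat)
    bad=0
    report() { printf '%s\n' "$1"; bad=1; }
    if has '^:INPUT ACCEPT'; then report "OPEN: INPUT policy is ACCEPT, everything is reachable"; fi
    if ! accepts 22; then report "LOCKOUT: no rule accepts SSH (22), recovery path is closed"; fi
    if ! has '^-A INPUT .*--(ctstate|state) [A-Z,]*ESTABLISHED.* -j ACCEPT'; then
        report "STATE: no related/established rule, open sessions drop on change"
    fi
    for port in 8080 8443; do
        if accepts "$port"; then report "LEGACY: port $port is exposed"; fi
    done
    [ "$bad" -eq 0 ]
}

# Demo on the constructed sample; on a real host: iptables-save | audit_rules
sample_rules | audit_rules || true
```
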
