One day you will move beyond testing environments and face the requirement of setting up the production SharePoint platform, and that is where security comes into the picture. Most medium and enterprise level organizations have multiple network zones with firewalls in between them, which is general security and industry practice.
So, we as SharePoint people should know the set of security practices that are used often in the industry and that allow us to secure our in-house SharePoint environments. Among those, placing web front end servers in a DMZ is quite a common practice, where all user requests arrive at the front end server(s).
Not a big deal. There are not many changes in 2013 from SharePoint 2007 or 2010 from a network communications and protocols perspective; it's still a web based .NET application which depends on SQL backend databases and Active Directory/DNS.
This post elaborates the port requirements between zones and servers for SharePoint 2013. This will be applicable to any multi-server SharePoint environment where firewalls are placed between zones.
Normally between the DMZ and PRODUCTION there will be a core firewall, and that's a known standard practice. This is where you need to allow inter-server communication across SharePoint servers which are located in different zones or networks. Take the sample scenario below.
We have a starter level three tier multi-server farm here. There's a firewall between the WFE, APP and AD tiers where we have to open up a set of ports for inter-server communication. Let's assume this is an intra-farm setup. Intra-farm communication requires quite a few more ports for various purposes.
In this scenario we need to open several ports in order to allow one tier to talk to the other across the firewall, where all unnecessary ports are blocked unless there is a requirement to open them.
The table below has almost everything covered that I use often for most of my scenarios. Make sure that you are opening each port on each firewall that stands between your servers. There may be multiple firewalls sitting here and there for various security reasons, so you have to thoroughly analyze the environment first; otherwise you will face a disaster at the last moment when you start to join servers and set up the farm.
Telnet is always a great way of testing communication through ports across servers. Just use it to try things out once you have opened the ports.
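Checking a whole tier's worth of ports one telnet session at a time gets tedious, so here is an added example (not from the original post) that does the same TCP connect test in bulk from a WFE and separates "filtered" (a firewall silently dropping the SYN) from "closed" (the packet got through but nothing is listening yet, which is normal before the farm is built). The server names are placeholders, and the ports are common defaults (SQL default instance, service application endpoints, Distributed Cache, AD/DNS) that you must reconcile with your own port table; it only covers TCP, so UDP services such as DNS and Kerberos still need a separate check.

```powershell
# Added example, not part of the original post. Bulk TCP reachability check between
# SharePoint tiers, run from the server whose outbound rules you want to verify.
# Host names are placeholders; ports are assumed common defaults, adjust to your port table.
$Checks = @(
    @{ Target = 'SQL01.corp.local'; Port = 1433;  Purpose = 'SQL Server (default instance)' }
    @{ Target = 'APP01.corp.local'; Port = 32843; Purpose = 'Service application HTTP endpoint' }
    @{ Target = 'APP01.corp.local'; Port = 32844; Purpose = 'Service application HTTPS endpoint' }
    @{ Target = 'APP01.corp.local'; Port = 22233; Purpose = 'Distributed Cache (AppFabric)' }
    @{ Target = 'DC01.corp.local';  Port = 53;    Purpose = 'DNS (TCP side only)' }
    @{ Target = 'DC01.corp.local';  Port = 88;    Purpose = 'Kerberos (TCP side only)' }
    @{ Target = 'DC01.corp.local';  Port = 389;   Purpose = 'LDAP' }
    @{ Target = 'DC01.corp.local';  Port = 445;   Purpose = 'SMB (SYSVOL / Group Policy)' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # No SYN/ACK or RST within the timeout: a firewall on the path is dropping the packets.
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return 'Filtered (timeout)' }
        $client.EndConnect($ar)   # throws on RST (reachable, nothing listening) or DNS failure
        return 'Open'
    } catch {
        # An RST means the firewall passes the traffic; the service is simply not up yet.
        $ex = $_.Exception
        if ($ex.InnerException) { $ex = $ex.InnerException }
        return "Closed/Error ($($ex.GetType().Name): $($ex.Message))"
    } finally {
        $client.Close()
    }
}

$Results = foreach ($c in $Checks) {
    [pscustomobject]@{
        Target  = $c.Target
        Port    = $c.Port
        Purpose = $c.Purpose
        Result  = Test-TcpPort -ComputerName $c.Target -Port $c.Port
    }
}
$Results | Format-Table -AutoSize

# Everything reported as Filtered needs a firewall rule before you join servers to the farm.
$Results | Where-Object { $_.Result -like 'Filtered*' } | ForEach-Object {
    Write-Warning "$($_.Target):$($_.Port) ($($_.Purpose)) is blocked by a firewall on the path"
}
```

Run it once from each tier toward its peers (and in the reverse direction where the table calls for it), since a rule that allows WFE to APP says nothing about APP to WFE.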
Also, here are some key places to read more about SharePoint Server communications and security hardening. I would highly recommend referring to TechNet at this point, where you get everything under one roof.
Planning Security Hardening for SharePoint – http://technet.microsoft.com/en-us/library/cc262849%28v=office.15%29.aspx#UserProfile
The SharePoint guys have done a great article too. This is a very nice overview – http://blogs.msdn.com/b/uksharepoint/archive/2009/01/05/sharepoint-ports-proxies-and-protocols-an-overview-of-farm-communications.aspx