Configuring NCache Behind Firewall
Firewalls are generally used to secure networks and environments from unwanted or unrecognized traffic sources. If a firewall is enabled in your environment, NCache can be configured to run behind it without any issues.
NCache uses two types of communication: cache server to cache server (within the cluster) and client application to cache server. In a firewalled environment, the NCache ports must therefore be open to allow these communications.
Here are the details of all required NCache ports:
NCache Communication Ports
- Cluster Ports (server-server communication): The default range for these ports is 7800 – 7900.
- Client-Server Port (client-server communication): By default, the NCache server listens to all requests from cache clients on port 9800.
NCache Management Ports
- Management Ports: By default, TCP port 8250 is reserved for NCache Service and PowerShell cmdlet.
- Cache Management Ports: The default port range for the management of caches is 8300 – 8400.
- Web Management Port: By default, TCP port 8251 is reserved for the NCache Web Manager.
NCache Monitoring Ports
You need to open the following ports only if you are monitoring NCache clusters through Prometheus or SNMP:
- Prometheus Server Port: By default, the Prometheus server runs at port 9090.
- SNMP Listeners Info Port: By default, SNMP listens at port 8256.
- SNMP Cache Listeners: The port range for SNMP cache listeners is 11000 – 11999.
- SNMP Client Listeners: The port range for SNMP client listeners is 12000 – 12999.
- SNMP Bridge Listeners: The port range for SNMP bridge listeners is 13000 – 13999.
- SNMP Bridge Cache Listeners: The port range for SNMP bridge cache listeners is 14000 – 14999.
- Metrics Server Port: By default, the metrics server runs at TCP port 8255. The Prometheus agent also runs on this port.
NCache Bridge Ports
You need to open the following ports only if you want to use the bridge feature of NCache:
- Bridge Port: The default port for the bridge is 9900.
- Bridge Management Port: The default port for bridge management is 8260.
- Bridge Ports: The port range for the bridges is 10000 – 11000.
The following scenarios explain which ports should be opened for NCache to work:
Firewall between NCache Clients (Web/App-servers) and NCache Cache Servers
For environments where Web/App servers and cache servers are placed in separate networks (like private networks) and a firewall is placed between them, port 9800 should be open on all cache servers for client-server communication.
If your business needs require a firewall to be enabled, allow communication on all the required NCache ports.
Firewall between NCache Server Nodes
If there is a firewall between NCache server nodes, you need to open the Cluster Ports and the NCache Service port for successful cluster communication and management.
Since the cache servers are usually placed in a secure environment, a firewall isn't typically needed between them. However, if a firewall is enabled, the server nodes can still communicate as long as the required ports are open.
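The two scenarios above can be expressed as inbound Windows Firewall rules on each cache server, with every port limited to the sources that need it. This is an added example, not part of the NCache documentation; the addresses are constructed placeholders, and it assumes the cluster and client-server ports use TCP and that the cache servers run Windows.

```powershell
# Added example: inbound rules for a cache server, one per NCache port.
# Assumptions (not from the page): addresses are constructed placeholders,
# and the cluster and client-server ports carry TCP traffic.

$ClientSubnets = @('10.10.20.0/24')               # web/app servers (constructed)
$CacheServers  = @('10.10.30.11', '10.10.30.12')  # peer cache nodes (constructed)

$rules = @(
    # Scenario 1: firewall between NCache clients and cache servers
    @{ Name = 'NCache Client-Server'; Ports = '9800';      From = $ClientSubnets },
    # Scenario 2: firewall between NCache server nodes
    @{ Name = 'NCache Cluster';       Ports = '7800-7900'; From = $CacheServers },
    @{ Name = 'NCache Service';       Ports = '8250';      From = $CacheServers }
)

foreach ($r in $rules) {
    # Skip rules that already exist so the script can be re-run safely
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "Rule '$($r.Name)' already exists, skipping"
        continue
    }
    # -RemoteAddress restricts the open port to the listed sources only
    New-NetFirewallRule -DisplayName $r.Name `
        -Direction Inbound -Action Allow -Protocol TCP `
        -LocalPort $r.Ports -RemoteAddress $r.From `
        -Profile Domain, Private | Out-Null
}

# Review the result: open ports and allowed sources for each NCache rule
Get-NetFirewallRule -DisplayName 'NCache *' | ForEach-Object {
    [pscustomobject]@{
        Rule   = $_.DisplayName
        Ports  = ($_ | Get-NetFirewallPortFilter).LocalPort
        Source = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
}
```

The management, monitoring and bridge ports listed earlier can be added to `$rules` in the same way when those features are in use.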