Extensis employees do not provide Firewall and / or Reverse Proxy configuration assistance. Contact your Corporate LAN / WAN Network Infrastructure Team for assistance with granting external ( Internet ) access to your Portfolio instance.
Table of Contents :
- Firewall Port Forwarding
- Firewall Port Forwarding + TCP Port Translation
- Portfolio Provided SSL : Firewall Port Forwarding
- Portfolio Provided SSL : Firewall Port Forwarding + TCP Port Translation
- Reverse Proxy
1. Firewall Port Forwarding — Example :
Description | External ( TCP ) | Internal ( TCP ) |
Portfolio NetPublish Websites | 207.46.130.100:8085 | 192.168.100.10:8085 |
Portfolio Web / Portfolio Flow | 207.46.130.100:8090 | 192.168.100.10:8090 |
Portfolio Administration | |
192.168.100.10:8091 |
- The “Example Site” NetPublish Website would be accessed via http://207.46.130.100:8085/example_site/ — while Portfolio Web / Portfolio Flow would be accessed via http://207.46.130.100:8090
- The purchase of the “portfolio.example.com” domain name would allow visitors to access the “Example Site” NetPublish Website via http://portfolio.example.com:8085/example_site/ — while Portfolio Web / Portfolio Flow would be accessed via http://portfolio.example.com:8090
- Note that it is not currently possible to change the default NetPublish listener TCP Port.
- Due to security concerns , Extensis recommends that the Portfolio Administration interface not be accessible via the Internet.
2. Firewall Port Forwarding + TCP Port Translation — Example :
Description | External ( TCP ) | Internal ( TCP ) |
Portfolio NetPublish Websites | 207.46.130.100:80 | 192.168.100.10:8085 |
Portfolio Web / Portfolio Flow | 207.46.130.100:8090 | 192.168.100.10:8090 |
Portfolio Administration | |
192.168.100.10:8091 |
- The “Example Site” NetPublish Website would be accessed via http://207.46.130.100/example_site/ — while Portfolio Web / Portfolio Flow would be accessed via http://207.46.130.100:8090
- The purchase of the “portfolio.example.com” domain name would allow visitors to access the “Example Site” NetPublish Website via http://portfolio.example.com/example_site/ — while Portfolio Web / Portfolio Flow would be accessed via http://portfolio.example.com:8090
- Due to security concerns , Extensis recommends that the Portfolio Administration interface not be accessible via the Internet.
3. [ SSL ] : Portfolio Provided SSL : Firewall Port Forwarding — Example :
Description | External ( TCP ) | Internal ( TCP ) |
Portfolio NetPublish Websites | 207.46.130.100:8095 | 192.168.100.10:8095 |
Portfolio Web / Portfolio Flow | 207.46.130.100:9443 | 192.168.100.10:9443 |
Portfolio Administration | |
192.168.100.10:9453 |
- Note that this method requires the purchase of an SSL certificate + matching domain name as well as SSL certificate installation ( within the Portfolio instance ) for both the Portfolio Web and Portfolio NetPublish interfaces.
- It is strongly recommended that the Reverse Proxy method ( outlined in item 5 ) be implemented as this will result in a significant increase in capabilities as well as expedite future SSL certificate
- The “Example Site” NetPublish Website would be accessed via https://portfolio.example.com:8095/example_site/ — while Portfolio Web / Portfolio Flow would be accessed via https://portfolio.example.com:9443
- Note that enabling Portfolio Provided SSL for NetPublish Websites will disable the NetPublish Site Builder preview
- Note that it is not currently possible to change the default NetPublish listener TCP Port.
- Due to security concerns , Extensis recommends that the Portfolio Administration interface not be accessible via the Internet.
4. [ SSL ] : Portfolio Provided SSL : Firewall Port Forwarding + TCP Port Translation — Example :
Description | External ( TCP ) | Internal ( TCP ) |
Portfolio NetPublish Websites | 207.46.130.100:443 | 192.168.100.10:8095 |
Portfolio Web / Portfolio Flow | 207.46.130.100:9443 | 192.168.100.10:9443 |
Portfolio Administration | |
192.168.100.10:9453 |
- Note that this method requires the purchase of an SSL certificate + matching domain name as well as SSL certificate installation ( within the Portfolio instance ) for both the Portfolio Web and Portfolio NetPublish interfaces.
- It is strongly recommended that the Reverse Proxy method ( outlined in item 5 ) be implemented as this will result in a significant increase in capabilities as well as expedite future SSL certificate
- The “Example Site” NetPublish Website would be accessed via https://portfolio.example.com/example_site/ — while Portfolio Web / Portfolio Flow would be accessed via https://portfolio.example.com:9443
- Note that it is not currently possible to change the default NetPublish listener TCP Port.
- Due to security concerns , Extensis recommends that the Portfolio Administration interface not be accessible via the Internet.
5. [ SSL ] : Reverse Proxy — Example :
Description | External ( TCP ) | Server Name | Internal ( TCP ) |
Portfolio NetPublish Websites | 207.46.130.100:443 | assets.example.com | 192.168.100.10:8085 |
Portfolio Web / Portfolio Flow | 207.46.130.100:443 | portfolio.example.com | 192.168.100.10:8090 |
- Note that this method requires the purchase of one or more SSL certificates ( or a “wildcard” SSL certificate ) + matching domain name(s) , Reverse Proxy configuration ( g. NGINX , Microsoft IIS , etc. ) , as well as SSL certificate installation ( within the Reverse Proxy ) for both the Portfolio Web and Portfolio NetPublish interfaces.
- The “Example Site” NetPublish Website would be accessed via https://assets.example.com/example_site/ — while Portfolio Web / Portfolio Flow would be accessed via https://portfolio.example.com
- Note that the “View your site at” URL reported within the final step of the NetPublish Site Builder dialog will likely be incorrect ( Portfolio assumes the base Portfolio Web URL used during the NetPublish Website creation process along with the default NetPublish TCP Port of 8085 ).
- Some WAN Infrastructure Teams have reported that NGINX may require the proxy_set_header Connection ''; parameter in order for external users to properly access their Portfolio Web
- An MSDN article covering the use of Microsoft IIS as a Reverse Proxy is available via the following URL : https://blogs.msdn.microsoft.com/friis/2016/08/25/setup-iis-with-url-rewrite-as-a-reverse-proxy-for-real-world-apps/
- Extensis employees do not provide Firewall and / or Reverse Proxy configuration assistance. Contact your Corporate LAN / WAN Network Infrastructure Team for assistance with granting external ( Internet ) access to your Portfolio instance