We currently have the Vault server installed on a machine that is connected directly to the internet (no firewall) and are developers (located around the county) have the Vault client installed on their machines and connect to the server. We are now in the process of trying to install a firewall, and I wanted to make sure than we did not "break" our Vault installation. With the installation of the firewall, our internal IP addresses on the Server will be changing to 10.*.*.* (because of NAT). If I understand correctly, this should have no effect on the developers who connect outside of the firewall, correct? I had seen a post in the Support (Vault) forum (Subject: Firewall/ router problems) that indicated that they needed to add :80 to the external IP address to get it to work. Is that necessary? I just don't want to leave the developers unable to use Vault Client when the firewall is installed.
Thank you,
Brian Cromwell
Adding a firewall between existing Vault Server and Clients
Moderator: SourceGear
You'll most likely need to configure explicit port forwarding on your firewall (map its external IP's port 80 to your server's internal IP's port 80). With NAT, you'll always need some sort of explicit rule to allow traffic in to your servers, since the firewall would have no way of guessing which internal host (there could be many) should receive the traffic it gets from the Internet on port 80.
With consumer firewall appliances (those sold by NetGear, Linksys, D-link and the like), port forwarding is easily done through the web configuration interface. Remember to also forward port 443 if you want to enable SSL.
With consumer firewall appliances (those sold by NetGear, Linksys, D-link and the like), port forwarding is easily done through the web configuration interface. Remember to also forward port 443 if you want to enable SSL.
Shaw Terwilliger
SourceGear LLC
`echo sterwill5sourcegear6com | tr 56 @.`
SourceGear LLC
`echo sterwill5sourcegear6com | tr 56 @.`
Be aware of project bindings
Hi!
We are also using Vault behind a firewall. There's one thing you might need to take care of considering the source control bindings in VS IDE if you're using Vault's IDE integration. The problem is, that the binding is not the same wether you access Vault from the internet by using a public IP address or from the private network with a private IP address. This causes the IDE to ask the developer to change the binding for every project which can be quite annoying if you're opening a solution with a couple of projects. We solved this problem by binding to a 'official' DNS name rather to an IP address. However this requires you to register a DNS name entry for your external IP by your ISP.
HTH,
Alex
We are also using Vault behind a firewall. There's one thing you might need to take care of considering the source control bindings in VS IDE if you're using Vault's IDE integration. The problem is, that the binding is not the same wether you access Vault from the internet by using a public IP address or from the private network with a private IP address. This causes the IDE to ask the developer to change the binding for every project which can be quite annoying if you're opening a solution with a couple of projects. We solved this problem by binding to a 'official' DNS name rather to an IP address. However this requires you to register a DNS name entry for your external IP by your ISP.
HTH,
Alex
update4u Software AG