How Guide is Organized
This section provides a general description of how the guide is organized. We recommend that you read the section before configuring a firewall on your CloudBlue Commerce installation.
In this guide, every CloudBlue Commerce service node is represented by its own section. Such a section lists all connections a CloudBlue Commerce service node participates in. Within a section, connections are split into four groups by type: Internal Outgoing Connections, Internal Incoming Connections, External Outgoing Connections, and External Incoming Connections.
Internal means that connections of this type are merely used for communication between CloudBlue Commerce service nodes within a datacenter where CloudBlue Commerce service nodes are placed. For example: BackNet connections from the CloudBlue Commerce management node to CloudBlue Commerce agents installed on CloudBlue Commerce service nodes; FrontNet connections from branding service nodes to webmail service nodes; FrontNet connections from branding service nodes to phpMyAdmin service nodes; BackNet connections from customer websites that are placed on web service nodes to databases that are placed on database service nodes.
External means that connections of this type are merely used for communication between external hosts and CloudBlue Commerce service nodes. For example: access to customer websites that are placed on web service nodes; access to customer mailboxes that are placed on mail service nodes; access to APIs of various external systems.
Outgoing means that a CloudBlue Commerce service node acts as a client and another party acts as a server. This works in the following way for TCP: a client establishes a TCP connection with a server (the client sends a SYN packet to the server; the server sends a SYN-ACK packet to the client; the client sends an ACK packet to the server); the client and the server send packets in both directions after the connection is established (the client sends a packet to the server; the server sends a packet to the client). This works in the following way for UDP: a client sends a datagram to a server; the server sends a datagram to the client in response.
Incoming means that a CloudBlue Commerce service node acts as a server and another party acts as a client. This works in the following way for TCP: a client establishes a TCP connection with a server (the client sends a SYN packet to the server; the server sends a SYN-ACK packet to the client; the client sends an ACK packet to the server); the client and the server send packets in both directions after the connection is established (the client sends a packet to the server; the server sends a packet to the client). This works in the following way for UDP: a client sends a datagram to a server; the server sends a datagram to the client in response.