|
$IsMultiMachinePortal = (($AllNodes | Where-Object { $_.Role -icontains 'Portal' } | Measure-Object).Count -gt 1) |
|
if($IsMultiMachinePortal -or ($ConfigData.PortalEndPoint -as [ipaddress])) |
|
{ |
|
xFirewall Portal_FirewallRules |
|
{ |
|
Name = "PortalforArcGIS" |
|
DisplayName = "Portal for ArcGIS" |
|
DisplayGroup = "Portal for ArcGIS" |
|
Ensure = 'Present' |
|
Access = "Allow" |
|
State = "Enabled" |
|
Profile = ("Domain","Private","Public") |
|
LocalPort = ("7080","7443","7654") |
|
Protocol = "TCP" |
|
} |
|
$Depends += @('[xFirewall]Portal_FirewallRules') |
|
} |
|
else |
|
{ # If single machine, need to open 7443 to allow federation over private portal URL and 6443 for changeServerRole |
|
xFirewall Portal_FirewallRules |
|
{ |
|
Name = "PortalforArcGIS" |
|
DisplayName = "Portal for ArcGIS" |
|
DisplayGroup = "Portal for ArcGIS" |
|
Ensure = 'Present' |
|
Access = "Allow" |
|
State = "Enabled" |
|
Profile = ("Domain","Private","Public") |
|
LocalPort = ("7443") |
|
Protocol = "TCP" |
|
} |
|
|
|
xFirewall ServerFederation_FirewallRules |
|
{ |
|
Name = "ArcGISforServer-Federation" |
|
DisplayName = "ArcGIS for Server" |
|
DisplayGroup = "ArcGIS for Server" |
|
Ensure = 'Present' |
|
Access = "Allow" |
|
State = "Enabled" |
|
Profile = ("Domain","Private","Public") |
|
LocalPort = ("6443") |
|
Protocol = "TCP" |
|
} |
|
} |
|
|
|
if($IsMultiMachinePortal) |
|
{ |
|
|
|
xFirewall Portal_Database_OutBound |
|
{ |
|
Name = "PortalforArcGIS-Outbound" |
|
DisplayName = "Portal for ArcGIS Outbound" |
|
DisplayGroup = "Portal for ArcGIS Outbound" |
|
Ensure = 'Present' |
|
Access = "Allow" |
|
State = "Enabled" |
|
Profile = ("Domain","Private","Public") |
|
RemotePort = ("7654","7120","7220", "7005", "7099", "7199", "5701", "5702") # Elastic Search uses 7120,7220 and Postgres uses 7654 for replication, Hazelcast uses 5701 and 5702 (extra 2 ports for situations where unable to get port) |
|
Direction = "Outbound" |
|
Protocol = "TCP" |
|
} |
|
$Depends += @('[xFirewall]Portal_Database_OutBound') |
|
|
|
xFirewall Portal_Database_InBound |
|
{ |
|
Name = "PortalforArcGIS-Inbound" |
|
DisplayName = "Portal for ArcGIS Inbound" |
|
DisplayGroup = "Portal for ArcGIS Inbound" |
|
Ensure = 'Present' |
|
Access = "Allow" |
|
State = "Enabled" |
|
Profile = ("Domain","Private","Public") |
|
LocalPort = ("7120","7220", "5701", "5702") # Elastic Search uses 7120,7220, Hazelcast uses 5701 and 5702 |
|
Protocol = "TCP" |
|
} |
|
$Depends += @('[xFirewall]Portal_Database_InBound') |
|
} |