We need to move our LAN Zoo machine to a new environment where every network flow needs to be expressly allowed by a dedicated firewall rule.
I’ve read the docs and I understand HTTP traffic on port 80 needs to be allowed both inbound and outbound, that’s ok, but we need more details:
For inbound traffic to the LAN Zoo machine, what are the sources for the communication? I guess it should be allowed from all Rhino workstations, is that correct?
For outbound traffic from the LAN Zoo machine, which destinations need to be reached? What is the purpose of this network flow direction?
When you say the LAN Zoo “replies” to the Rhino application, do you mean it actually initiates a new connection? Sorry for being picky, but it’s an important detail in a protected environment: if Zoo only replies to the connections initiated by Rhino, then all communication happens on the same open channel and there is no need for a specific outbound rule, which is instead required if Zoo initiates a separate connection on a new “channel”.
Also, I was told by the person managing the licenses that Zoo connects to some external McNeel server for license verification, is that true? Which kind of connection is it, and to which destination(s)?
Rhino and the LAN Zoo communicate using HTTP, which is inherently connectionless. Requests and responses are independent.
The LAN Zoo server service only communicates via TCP Port 80.
That said, some LAN Zoo plug-ins, such as the McNeel license plug-in, will communicate with validation servers on their own. If validation is required, this communication is only performed when adding or removing licenses from the LAN Zoo.