Use Access Manager with firewalls. Figure 1-1 illustrates a firewall setup for a basic Access Manager configuration of Identity Server, Access Gateway, Analytics Server, and Administration Console.
Figure 1-1 Access Manager Components between Firewalls
First Firewall: If you place a firewall between browsers and Access Gateway and Identity Server, you need to open ports so that browsers can communicate with Access Gateway and Identity Server, and so that Identity Server can communicate with other identity providers.
For information about the ports that you must open in the first firewall, see "First Firewall" in the NetIQ Access Manager 5.0 Installation and Upgrade Guide.
Second Firewall: The second firewall separates web servers, LDAP servers, Analytics Server, and Administration Console from Identity Server and Access Gateway.
For information about the ports that you must open in the second firewall, see "Second Firewall" in the NetIQ Access Manager 5.0 Installation and Upgrade Guide.
You can also configure your Access Manager components so that Administration Console is on the same side of the firewall as the other Access Manager components, with a firewall between them and the LDAP servers.
Figure 1-2 A Firewall Separating Administration Console and the LDAP Server
In this configuration, you need to open the required ports in the second firewall for Administration Console and Identity Server.
For information about all required ports, see "Required Ports" in the NetIQ Access Manager 5.0 Installation and Upgrade Guide.