Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SocialMiner Server Placement and Firewall Considerations

Hi,

I am getting ready to deploy a SocialMiner 9.x integration with UCCX for only the Customer Web Chat functionality. The client already has UCCX and their web server is externally hosted outside of their network.

I am finding what seems to be conflicting information on the following items:

  • Where to place the SocialMiner server?
  • Do you have to use a Proxy server?
  • If it can go in the DMZ or Inside network of the firewall, can you create a static NAT for it and open the necessary ports to it for the Customer Web Chat functionality to work?
  • What ports need to be open on the firewall and in what direction depending on where the SocialMiner server is placed?

Ideally, I would like to place the SocialMiner server on the DMZ network, publish a public FQDN that resolves to a public IP that NATs to the DMZ (private) IP of the SocialMiner server, but with the firewall only allowing the required ports to the SocialMiner server. I would prefer to do this without the use of a Proxy server, but as long as this is a supported and clean solution.

Thoughts or advice?

Everyone's tags (2)
8 REPLIES
New Member

SocialMiner Server Placement and Firewall Considerations

Hi Bryan,

I'm getting ready to deploy, just wondering how you got on?

Thanks

New Member

SocialMiner Server Placement and Firewall Considerations

I had the client implement a DMZ and have part of the public IP block be assigned to the it. We then placed the SocialMiner server in the DMZ and only opened the necessary ports from the OUTSIDE to DMZ and from the DMZ to the INSIDE. PDI said that doing NAT to the SocialMiner server is not currently supported. Also, we are doing this without setting up the optional proxy server.

New Member

SocialMiner Server Placement and Firewall Considerations

Thanks for the reply Bryan,

I thought that might be the case I opened up a support case today to confirm. Its hard to understand why NAT is not supported. We currently don't have a proxy server so guess I'll be following the same implimentation plan.

New Member

Re: SocialMiner Server Placement and Firewall Considerations

Yeah, I don't understand why NAT isn't supported. We did limited testing with NAT to the SocialMiner server in our lab environment and it seemed to work fine. We didn't test it end to end, but didn't see any issues with the basic functionality from a UCCX web chat perspective. But we definitely wanted to implement a supported deployment in the client environment. 

New Member

Hi Bryan,

Hi Bryan,

We are getting ready to deploy Social Miner for Webchat in our network, just wondering how you got on with setting up NAT and port permission for social miner to the internet?

Regards

New Member

Hi BryanSo how did this end ?

Hi Bryan

So how did this end ?

 

And what about the fact that public got access to the login page by opening https ?

 

Filip

New Member

I Filip,My setup is like this

I Filip,

My setup is like this External IP > Load Balancer > Nat to internal IP > Internet IP > Routes internal connections to local firewall and external connections back to load balancer

to get this working I had to open a TAC case for root access and then I configured host based routes

New Member

Thanks for sharring , Andrew

Thanks for sharing , Andrew

1154
Views
6
Helpful
8
Replies