How to use Groove through a firewall (907740)



The information in this article applies to:

  • Groove Virtual Office 3.0 File Sharing Edition
  • Groove Virtual Office 3.0 Professional Edition
  • Groove Virtual Office 3.0 Project Edition
  • Groove Virtual Office 3.1 File Sharing Edition
  • Groove Virtual Office 3.1 Professional Edition
  • Groove Virtual Office 3.1 Project Edition

INTRODUCTION

This article describes how to use Groove Virtual Office through a firewall. Additionally, this article discusses which ports and resources Groove requires and which ports enable Groove to work most efficiently.

MORE INFORMATION

Firewalls are designed to limit the access into and out of a network. If a firewall is not in the path between two devices that interact with Groove, Groove uses Simple Symmetric Transport Protocol (SSTP) over TCP/IP to exchange data. Because most companies configure firewalls to allow employees to access the Internet, Groove takes advantage of this existing configuration to send and receive information when Groove cannot make direct connections over SSTP. This technique is known as HTTP tunneling.

Groove operates most efficiently if users can establish direct connections by using SSTP over TCP/IP. Firewalls may be configured in many different ways. These configurations determine the types of packets that a firewall allows from behind the firewall to the Internet and the types of packets that the firewall allows from the Internet to behind the firewall. If a computer that is running Groove Virtual Office is behind a proxy or a firewall that only allows outgoing connections, Groove will use an HTTP or SSL connection to a Groove relay server so that communication is still possible. This HTTP or SSL connection to a Groove relay server will work even between two sites that are behind a proxy or a firewall that only allows outgoing connections.

Groove can use additional transport types that work through some firewalls and proxies at less of a performance cost than a standard HTTP connection. Groove uses the following other connection types:
  • HTTP/SSL connections that use a Secure Sockets Layer (SSL) proxy to connect to the relay server through port 443
  • SOCKS connections that use a SOCKS proxy to connect to the relay server through port 2492
  • HTTP connections that use various mechanisms to maintain the TCP connection for multiple operations

If your company wants to configure your firewall to allow Groove communications, open outgoing TCP connections on ports 80 and 443 for HTTP and SSL. These ports may already be open for other Web sites. For best performance, also allow TCP connections on port 2492 for SSTP. SSTP is the native peer-to-peer protocol for Groove.

If you want to restrict outgoing HTTP connections and still use Groove, configure exceptions by destination IP address to open HTTP access to 63.209.254.*, 198.182.235.*, 207.244.116.*, and 207.244.117.* to reach all the Groove relay, activation, and component servers.
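The port and destination rules from the two paragraphs above can be expressed as an egress check and run against firewall log records. The following Python sketch is an added example, not part of the original article or of Groove. The "source destination port" record format, the sample records, and the choice to apply the listed ranges to ports 443 and 2492 as well as port 80 are assumptions.

```python
import ipaddress

# Destination ranges from the article, written there as a.b.c.* (one /24 each).
GROOVE_WILDCARDS = ["63.209.254.*", "198.182.235.*", "207.244.116.*", "207.244.117.*"]
# Ports named in the article: 80 and 443 for HTTP and SSL, 2492 for SSTP.
PORTS = {80: "HTTP", 443: "SSL", 2492: "SSTP"}

def wildcard_to_network(pattern):
    """Turn 'a.b.c.*' into a /24 network; refuse any other wildcard shape."""
    octets = pattern.split(".")
    if len(octets) != 4 or octets[3] != "*" or "*" in octets[:3]:
        raise ValueError(f"unsupported pattern: {pattern!r}")
    return ipaddress.ip_network(".".join(octets[:3]) + ".0/24")

GROOVE_NETWORKS = [wildcard_to_network(p) for p in GROOVE_WILDCARDS]

def classify(dst_ip, dst_port, allow_sstp=True):
    """Return (verdict, reason) for one outbound TCP connection."""
    # Assumption: the listed ranges are applied to every port, not only HTTP.
    ports = {p: n for p, n in PORTS.items() if allow_sstp or p != 2492}
    try:
        addr = ipaddress.ip_address(dst_ip)
    except ValueError:
        return "deny", "malformed destination address"
    if dst_port not in ports:
        return "deny", f"port {dst_port} is not in the exception"
    if not any(addr in net for net in GROOVE_NETWORKS):
        return "deny", f"{ports[dst_port]} to a destination outside the listed ranges"
    return "allow", f"{ports[dst_port]} to a listed Groove server range"

def audit(log_lines, allow_sstp=True):
    """Classify 'src dst port' records; returns (dst, port, verdict, reason) tuples."""
    results = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3 or not fields[2].isdigit():
            results.append((line, None, "deny", "unparseable record"))
            continue
        verdict, reason = classify(fields[1], int(fields[2]), allow_sstp)
        results.append((fields[1], int(fields[2]), verdict, reason))
    return results

# Constructed sample records (source, destination, destination port), not real traffic.
SAMPLE_LOG = ["10.0.0.21 63.209.254.17 80", "10.0.0.21 207.244.117.200 443",
              "10.0.0.34 198.182.235.9 2492", "10.0.0.34 203.0.113.50 2492",
              "10.0.0.40 207.244.118.4 80"]

if __name__ == "__main__":
    for dst, port, verdict, reason in audit(SAMPLE_LOG):
        print(f"{verdict:5} {dst}:{port}  {reason}")
```

Under this restricted policy a direct SSTP connection to a peer outside the listed ranges is denied, which is the case where the article says Groove communicates through a relay server instead.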

Modification Type: Major
Last Reviewed: 12/2/2005
Keywords:kbExpertiseAdvanced kbinfo KB907740 kbAudITPRO