Set up firewall rules for a multi-tiered installation

Applies to the following products:

Questionmark Perception

Applies to the following Perception versions:

Perception 5.7

This section only applies if you have a firewall between your servers in a multi-tiered installation.

It is important that these shared resources are exposed on the same domain (e.g., https://perception5.host.com) as the one participants are accessing to take assessments to prevent cross-domain issues.

If you have installed Perception in a multi-tiered configuration and have a firewall between your Assessment Delivery Web Server (QPLA) and Perception Application Server (QABS), you will need to ensure that certain web shares can be accessed through the firewall. These are:

/<repository>_sys
/<repository>_res
/<repository>_togo
/<repository>_con

...where <respository> is the name of the shared repository you want to be able to access.

These web shares need to be accessed by the Assessment Delivery Web Server (QPLA) server or the browsers of participants. You will need to create a routing rule for an external address that points to these web shares.

In the firewall, create an external address that can access the /<repository>_sys, /<repository>_res, and /<repository>_togo web shares on the Perception Application Server (QPLA), using port 80 only.

You then need to ensure that the Repository server setting in Enterprise Manager points to the external firewall address you created. You can tighten security further by filtering out requests using the firewall that do not have the correct host header.