Use FileMaker in a Wide Area Network

How to get FileMaker to make a connection through a NAT firewall from a WAN.

By Todd Duell

F ileMaker Pro and Server can be used in

both a local area network (LAN) and wide area network (WAN). If you want to allow WAN connections to your database through your firewall there are only a few steps that you need to do enable the connection. For secure connections, you should consider installing virtual private network (VPN) hardware.

FileMaker Server be used in a WAN or LAN situation if more than 3 or 4 people are using the databases. Using FileMaker Server offers better performance, hosts more files and users, and most importantly, has automated back-up capabilities.

NAT Firewalls
To get through your Network Address Translation (NAT) firewall youll need to enable port forwarding for port 5003. Port 5003 has both TCP and UDP capabilities. However, youll only need to enable TCP connection (Figure 1). Port forwarding takes the request from the WAN and forwards it to the computer on your network that is hosting the databases. This computer can either be FileMaker Server or another computer that is sharing databases with FileMaker Pro. FileMaker Server can host up to 125 databases with 250 guests, whereas only up to 25 users can connect with FileMaker Pro and is limited by the number of databases that are open. In almost all cases, I highly recommend that

Figure 1 Firewall Settings Set port 5003 to forward TCP requests to the IP address of the computer hosting the databases.

Todd Duell is the Vice President & CIO of Formulations Pro, Inc and has been creating powerful commercial and custom solutions using FileMaker Pro since 1989. He holds an MBA in Technology Management and has been an Associate member of the FileMaker Solutions Alliance since 1998. Todd may be reached at tduell@formulationspro.com 2003 Formulations Pro, Inc. All rights reserved. www.formulationspro.com

To enable the databases to be shared over the WAN the network sharing preferences for EACH database must be set to one of the Multi-User settings. With the database open, select File/Sharing. If you want to allow the users to see the database in the host dialog box, select Multi-user. If you want to hide the database in the users host dialog box, select Multi-User (Hidden) (Figure 2). This is very useful if you have a lot of databases and you only want the users to be able to open the main database.

When connecting to the database, users from the WAN will need to launch their copy of FileMaker Pro. When the application is open and running, select File/Open Remote. When the host dialog box opens, select Specify Host. This will open another dialog box that asks for the Domain Name Server (DNS) name or IP address of the server (Figure 3). When the connection is made to the computer that is hosting the files you will see a list of all the available databases in the host dialog box.

Figure 3 Specify the Host Enter the DNS name or IP address of the computer hosting the databases.

Virtual Private Networks

Simply allowing port forwarding to the hosted database is an easy way to enable remote work-group productivity. However, there are serious security concerns when transmitting data in this fashion. Data going across WAN with this method is transmitted as normal ASCII text that can be read by anyone. Therefore, unless the data in not sensitive, you should consider using a virtual private network connection (VPN) or encryption plug-in.

Figure 2 Sharing Preferences Set the network sharing preferences to multi-user.

Page 2

A VPN allows you to connect over the Internet to the resources on your companys network, going around the firewall, as an authenticated user. With a VPN, you are essentially connected as if you were inside the LAN. VPN does this by creating a tunnel through which the information is passed back-and-forth so hackers cannot get to it. There are software VPN programs and VPN hardware. Most companies prefer to use hardware to manage the VPN connection because of better security capabilities. The company will maintain a router or gateway with VPN capabilities and each user will have a box that looks like a small router connected between their computer and their Internet connection. The users equipment will need to be configured with the same passwords and settings as the companys VPN to enable the connection. Therefore, a VPN is more secure than simply using port forwarding to connect through the firewall that lets anyone into the network, without authentication, that knows the domain name or IP address. For performance reasons, WAN users should be on a cable or DSL modem. Many residential ISPs can now provide business accounts to your house. In some cases all the way up to dedicated T3 lines. You can also use a dial-up modem, but performance will be painfully slow.

Summary
Enabling a wide area network connection to your databases is relatively easy when using port forwarding throughp your firewall. However, your data will not be secure by simply using port forwarding. If data security is a concern, you should consider adding virtual private network equipment to guarantee a secure connection.

Page 3