Firewall Issues

If the Millennium program launches, shows the black “text” screen with a few lines for less than a minute, then closes again, the problem may be that it’s being blocked by the local firewall.

Firewall software exists to control traffic between computers within an organization’s local area network and the vast and chaotic Internet. There are a variety of tools and strategies that together constitute a particular organization’s firewall. In order for staff Millennium clients to work, local area network and firewall or other security facilities must be configured to allow library workstations to interact with the central database server located in Orono.

Importance of Ports

Depending on the tasks being performed, staff may need to connect to the same server via web browser, Millennium Java-based client, or Windows-based client. Server processes that support these clients and specific tasks that can be accomplished with these clients are addressed by port number on the server. Local firewall configuration must not impede data traffic between library client machines behind the firewall and those ports on the central server in Orono that correspond to functions used by the local library.

In order to avoid network-based attacks, firewalls (particularly on wireless networks) are sometimes set to prohibit passage of any data packet coming from any but a small handful of “common” ports. Doing this for the entire library site will block libraries from using the Innovative Interfaces software underlying Minerva. As a compromise solution for locations with tight security, specific IPs (belonging to library staff computers) can be allowed greater access through the firewall.

Ports Essential to Millennium Functions

Here is a list of ports used by the Millennium server for functions enabled for Millennium. This list is a subset of the larger list that represents functions used by software modules not enabled for Millennium.

List of Millennium Ports
Task / Service / Activity Port Number
Primary port
(without this, Millennium will not run)
2000
Telnet 23
Web OPAC (HTTP) 80 for the primary database, 81+ for alternate databases
Cataloging Workstation for Windows 4900, 4999, 5210
Web Report Manager 4448
Patron Search Statistics Web Report 4442
Fund Management Web Report 4443
Vendor Performance Statistics Web Report 4445
Circulation Statistics Web Report 4441
Collection Web Reports 4440
Patron API 4500
OCLC Interactive 5500
For all releases 4600 Millennium data server
4601+ Millennium Cataloging reference databases
4666 Millennium ILL data server
4999 Millennium search server
1030 Millennium Encryption port
1031 Database server (serves WebBridge, Millennium Statistics, and
Distance Learning)

Server IP addresses

When opening ports for Millennium it may be advisable to open those ports only for traffic coming to and from the individual server IP address.

For Minerva, the IP address is: minerva.maine.edu
For URSUS, the IP address is: ursus.maine.edu

Firewall Time-Outs

A library running Millennium should NOT have a timeout set on a firewall. If a site running Millennium has a timeout set on a firewall, users may be logged-out during sessions when the terminal is idle for a few minutes.

Cisco Pix Firewall Issue

There are special issues with regard to configuration of a Cisco Pix firewall in conjunction with use of Millennium client software. For details go to the very end of the Innovative CSDIRECT firewall FAQ. (Username and password required.)

More Info

Check out the CSDIRECT firewall FAQ.(Username and password required.)