Configure Management IP Ranges

It may be important to you to allow your TAC appliance(s) and infrastructure servers to be managed remotely. For this, the TAC console will add exception rules to local firewall for source IP address or ranges and ports. This will ensure and secure your TAC appliance(s) by blocking at the firewall level and allow inbound connections only to configured IP:Port of published sites and management ports from remote IP ranges you define.

To configure TAC Management IP ranges, follow below steps: 

1. Go to TAC configuration console. Click on Configuration and select Network Setup. This will open Network Setup box..

2. Enter Remote (Source) IP ranges that initiate connection to the TAC server in IP Ranges box. To insert a new entry, hit Insert key. To remove entry, hit Delete key. To modify entry, Double click it. To finish modification, hit Enter key.

3. Enter port numbers separated by comma in Ports box; Click OK.

4. Click Apply to take effect the configuration.

Note: After configuring Network Setup, TAC will lock and block all local firewall rules except TAC Management rule created by network setup and inbound connection only IP:Port of sites that publishing through TAC.

Important:  The TAC Network Setup does not make any changes to the server's RDP listening port. Please refer to this Microsoft Article for how to change the RDP listening port. Before making any changes to the server's listening port you MUST complete the TAC Network Setup and apply the configuration within TAC. It is important to configure the network setup and IP:port ranges correctly. Misconfiguration of this may cause blocking in RDP connection.

TAC is designed to accept DHCP based IP configuration for TAC configuration. Usually TAC requires static IP assignment for its network adapters in order to bind IP for the Site name. However, there are cases that you are not allowed to add static IP from operating system network properties such as cloud-based TAC VM installation. In such cases, the IPs will not be assigned directly to the OS network IP configuration, but rather from the cloud management console. TAC will accept those IP assignments if you select “Enable DHCP-based address listing” option under General section. 

It is important to keep in mind that even though the option is to work with DHCP-based IP configurations, TAC requires persistent and static IP address assignment which will not change dynamically.

Additionally, you can create manual firewall policies through Local Firewall console. By default, TAC blocks all public inbound access in Windows firewall, leaving only the site’s IP:port open for public access. All existing firewall rules with ANY source address scope become local subnet as the source scope. To add an exception in firewall, you need to create an inbound rule (or rename existing rule) prefixed with “TACGW_Exception_”. Such rules are ignored by TAC.

TAC supports a multi NIC scenario. When your TAC server is in multi NIC environment, administrators must configure those adapters properly. Internal and external network adapters must use correct IP details for proper TAC operation. The most important is network adapter order. Internal network adapter must always be the first adapter in the provider’s order list under advanced network properties.

Important: Private Network adapter should be ordered first in the list of network adapters under advanced network properties.