DMZ configuration R12

DMZ configuration Implemented DMZ for the project, its not very difficult to implement but bit complex to troubleshoot.Most complex on troubleshooting firewall issue. My architecture goes like this LB -> Load balancer RP -> Reverse Proxy server LB >RP>EBS(ISUPPLIER NODE) (APPS TIER) > EBS (db tier) Load balancer Not much involvement, F5 load balancer asked sysadmin to point to reverse proxy URL on port 8080. Reverse proxy server Installed standalone OHS (oracle HTTP server), I had trouble while redirection because I chosen a wrong software OAs (Oracle Application server) Test from RP > EBS .. telnet <EBS host> port number EBS - Mostly context file changes Create Context File - create /{inst_name}/inst/apps/ $INST_NAME_$dmz_hostname/appl/admin folder for new MT server - copy context file from Private MT server into the above location with new name. - Modify the context file as under: - change all the references to Private MT server to Public MT server, except the following: s_cphost s_javamailer_imaphost s_wfhost s_smtphost s_mwahost - change following parameters for the Public URL # webentryhost: company (public URL) # webentrydomain: domain.com (public URL) # login_page: https://company.domain.com/oa_servlet/AppsLogin

#s_external_url:https://company.domain.com # s_active_webport : 443 login to the private mt server as ap{inst_name}. Run the following command (replace the apps-schema-name/appspasswd with actual values) sqlplus <apps-schema-name>/<apps-passwd> @<FND_TOP>/patch/115/sql/txkChangeProfH.sql SERVRESP Change the Node Trust Level Profile Option - add node to fnd_nodes using the Sysadmin > Install > nodes - update Node Trust Level profile option for that node as External - Assign Self Service Responsibilities to sysadmin Set Responsibility Trust Level 9) Update Agent profiles as DMZ server level to point to DMZ URL . Login as system Admin Resp Profiles Select DMZ server name and search for required profiles . Application Framework Agent Applications Web Agent Applications JSP Agent Apps Servlet Agent

Update URL for DMZ host to point to DMZ URL. Do not update URL at site level ! Run adconfig as under: adconfig.sh contextfile=/{inst_name}/inst/apps/ $INST_NAME_$dmz_hostname/appl/admin/ $INST_NAME_$dmz_hostname.xml appspass=apps run=INSTE8_SETUP Verify DMZ Setup. - start all services on dmz server (keep the private mt down) - loging to the DMZ url - browse through the links to see if the basic navigation works fine.