Network Hardening for FileMaker Server

Beginner

Firewall rules, port management, and network architecture patterns that reduce the attack surface of a FileMaker Server deployment.

What you'll learn

  • Which ports FileMaker Server uses and which to expose
  • Using a VPN to restrict client access
  • Firewall rules for Data API protection
  • Reverse proxy patterns for additional security

A correctly configured FileMaker Server with perfect privilege sets is still vulnerable if the network allows unrestricted access. Network hardening means closing ports that do not need to be open, using VPNs or private networks for client access, and ensuring the Data API is only reachable from authorized sources.

1/4
1

FileMaker Server port reference

Key ports: **5003** (FileMaker client protocol -- Pro/Go/Data API), **443** (HTTPS -- WebDirect, Admin Console, Data API), **80** (HTTP -- redirects to 443), **2399** (ODBC/JDBC). The Admin Console and Data API share port 443. Close ports you do not use at the firewall level.

TEXT
# Required for FileMaker client (Pro/Go):
TCP 5003

# Required for WebDirect, Admin Console, Data API:
TCP 443

# Close these if not used:
TCP 80   (if forcing HTTPS)
TCP 2399 (if ODBC not needed)
TCP 8998 (FM Admin API, internal only)
Comparing Privilege Sets: Built-in vs. CustomSession Management and Idle Timeouts

Sign in to track your progress and pick up where you left off.

Sign in to FM Dojo