I have got openfire set up and will use Spark for the client. I want to keep all chat traffic behind my firewall, use it for LAN traffic only. What ports on my firewall do I need to configure? Any other considerations to keep Openfire traffic inside the network?
I think the simple answer to this question is to disable the ‘server 2 server’ program on the admin console. This will keep all traffic on your server, I believe.
What ports on my firewall do I need to configure?
I have no idea about your firewall setup, but I guess that the default is: All ports are closed / blocked. So you should not open a port within your firewall.
Even for Openfire updates you can configure a HTTP proxy server within Openfire, so if your company has a proxy server you can use it to access the download page of Jivesoftware to check for updates. Otherwise Openfire tries a direct connection and this should be blocked by your firewall.
Any other considerations to keep Openfire traffic inside the network?
Don’t install the IM Gateway Plugin as this is quite useless if you want to keep your server traffic within your LAN.
We’ve added a firewall rule to prevent traffic from leaving the network via port 5222 the normal xmpp packet port. If the users figure that out however they could just change the port the traffic routes through.