Meraki

RobertStark · ‎Mar 26 2023

Hi

Our company runs an internal filmmaker pro server (database server). The server allows you to setup oAuth with several different vendors. Because we already use Google Workplace for our email and other services, it just makes sense to go with Google. So the computer runs on a local IP. I of course need to obtain a Google Client ID as well as Secret. But I need to have a redirect URL which will need to point to the server. If I'm understanding this right, I will need to open a port which directs to the local computer hosting the database server. I have created a subdomain on our cloudflare account to point to our fixed office IP which has a mx security appliance in front of it. Any tips on best security practices here since I don't think I can make a firewall rule to limit just to google's server. I know I can limit the port number for this. But I don't want everyone in the world to get access to this port number of a computer on my local network. Obviously I am a beginner here.

PhilipDAth · ‎Mar 26 2023

FileMaker gives me the shivers, as I have run into too many bugs with that product. So that does not make me feel comfortable about its security when I don't feel the rest of their code base is "quality".

You will need to expose tcp/443 via NAT to the world for OAUTH to work. Anyone who knows or discovers a vulnerability in the Filemaker web interface will be able to have a crack at it.

This is a guide on configuring the port forward with your MX.

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX

Good luck!

Meraki

Community

Strategy for using Google oAuth for a local database server

Strategy for using Google oAuth for a local database server