The NetCFax fax system is a very
powerful networked fax system, and it provides many different
options on both the fax server and the fax clients.
However, we are very aware that
network administrators often want to be able to "force"
software to behave in a certain way, and ensure the end users of
the software cannot change those settings. They also have to
cope with software and hardware firewalls, routers, plus NAT and
proxy servers.
We hope these notes will provide you with
the necessary background information to let you do this quickly
and easily.
We are assuming here that you
already know what WTS, FTS and RDP mean,
but just in case you are not sure:
WTS - Windows Terminal Services
FTS - Fast Task Switching under XP Pro
RDP - Remote Desktop Sessions provided by Windows 2000/2003 server systems
What we want to do in this first
section is to highlight and give you an overview of how IP
addresses and more importantly, TCP ports play a very important
role in choosing the best installation options for NetCFax on your
network and to match your own computing environment and needs.
OVERVIEW
We believe you will already
understand what TCP ports are, but for the sake of completeness,
we will describe their use as applied to the NetCFax system.
All Winsock connections
(commonly known as SOCKETS) contain various pieces of information
to allow the TCP protocol to make a connection across your
network, and indeed, across the world via the Internet or WANs
etc. The two crucial pieces of data that are required to provide
exact routing for all connections are:
1 - The IP address of the computer the program is running on
(123.45.63.212 and similar numbers)
2 - A TCP port to be used
(think of a port as similar to a phone number if you wish).
With all computer systems that
are on the same network or subnet, each machine must always
have its own unique IP address, so it doesn’t really matter
what TCP port is selected or used. The problem occurs with the
newer versions of Windows such as XP SP2, which provides "Fast
task switching", and the increasingly popular Windows 2000
and 2003 server systems, which are able to support multiple user
sessions (called Remote Desktop Sessions) that run the software
on the server itself, and then simply provide updated
"screens" to the clients.
With both the above systems, a
nasty problem occurs because multiple instances of the same
installation of the fax client are running on the same machine
concurrently, and therefore all have the SAME LOCAL IP ADDRESS.
The importance of this is that, rather amazingly, Windows has not
bothered to provide true Virtual Machines for these sessions (as
Citrix and Linux do), which can then have their own IP addresses
and their own set of TCP/UDP ports, so it is easy to see that all
of the instances of the fax client can only have the same IP
address. So we need to have another data item that is unique, and
that of course can only be the TCP port used.
It is also useful for you to know
that each NetCFax client also happens to be what is called a TCP
"server" in their own right, which is required to allow
them to receive various important notifications from the fax
server at any time. The default setting is for the fax client to
dynamically assign the first available TCP port, which ensures that
each client is using a unique TCP port.
The fax clients pass the TCP port
number to the fax server when they login, and the server then uses
that plus the IP address it already knows to send messages to the
clients.
Choosing whether the fax clients should use dynamic TCP ports
or a specified TCP port to receive notifications from the fax server(s)
1 - Single instance environments
If only one instance of a NetCFax
client is running on any machine, the "uniqueness"
requirements are already covered just fine, as that machine and
therefore the fax client has a totally unique IP address, and
therefore it can use any TCP port, including the same TCP port as
any of the other machines on the network if required, as the IP
address of the others will always be different. This type of fax
client configuration is very easy to configure and use and should
present you with no problems at all.
2 - Multiple instance environments
(Background information - A TCP "server" has to be bound to
the port exclusively, and therefore cannot do so if any
other TCP server is running on that same IP address, hence
the reason for assigning ports dynamically.)
So, you can soon realize that if
the fax clients are running under FTS or RDP sessions they are
actually running on the same computer (not on the terminal machine
you are using) and therefore they must all have exactly the same
IP address. Therefore each client needs to use a different and
totally unique TCP port. This is achieved very simply, and in fact
it is handled automatically by NetCFax. It performs a scan of all
of the TCP ports whenever a new instance of the client is started,
and it identifies and "binds" to the first available
free port. This port number is always given to the fax server when
the client logs in, and the server then uses it to send messages
to that particular fax client. We still have
"uniqueness": although the IP address is the same, the
TCP port is different, so a successful connection can be made to
the correct client.
We really do hope that wasn't
too difficult?
We also understand that some
networks have a need to control the range of available ports that
may be assigned to these clients. This can be done very easily,
either by editing the main client configuration file or the
clientsettings.txt file as described below, or using the
configuration settings found on the Tools menu of the
client - Advanced Network Setup (to access this
configuration option the fax client MUST NOT be logged in, as the
settings are applied by the client itself whenever it is started):
The first line of control is
provided by a file that we provide named CLIENTSETTINGS.TXT, which
can be found in the sub folder of the fax server's main
installation tree.
This is pretty well
commented already, and as you can see, is laid out in the
standard Windows INI file format, although in fact it is not used
as such. This means any changes you make should adhere to those
rules, such as no spaces around the = signs, and comments must
start with a semicolon.
The main control setting for this
can be found under the heading
[SYSTEM]
LIMITDYNAMICPORT=1
If this is set to ZERO, the
system will use the first available port, but if set to ONE the
following two settings are used to set the range of values it will
try to use.
LOWTCPDYNAMICPORT=1500
HIGHTCPDYNAMICPORT=20000
In fact the values used here are
the defaults set by NetCFax, and these will be the range used
unless you add or change these entries yourself.
If however, you want to use a
fixed port, which is absolutely fine on networked PC's that are
not supporting RDP sessions etc, then you can do so by following
the description below.
The main setting for this can be
found under the heading
[SYSTEM]
in this file, and the entry is :-
USETCPDYNAMICPORT=1
If this option is set to ONE,
which is the default setting, the client will start its
internal TCP server (that lets it receive notifications from the
fax server) using a dynamically assigned TCP port.
However, if you set it to ZERO,
it will then check for and always use the TCP port specified under
the
[NETWORK]
section in the entry :-
CLIENTTCPSERVERPORT=7485
The default for this PORT is TCP
port 7485.
WARNING - You can do this
perfectly safely if all the fax clients are installed and running
on individual PCs. HOWEVER, IF YOU DO THIS on a single fax
client installation, such as those installed on XP Pro with FTS
enabled, or on a Windows 2000/2003 server that provides access to
the fax client via RDP sessions, none of these clients will
receive the fax notifications, as they have the same IP address,
AND THE SAME PORT...
WHAT DO WE ACTUALLY HAVE UNDER
FTS OR RDP ?
Well, we cannot vary the IP
address. So as discussed above, the only thing we can (and must)
vary is the TCP port.
That is exactly what the default
dynamic port allocation system built in to the NetCFax client
does.
So the basic rule is that any fax
client installed on a machine that will allow more than one
instance of that fax client installation to be running on that
machine at one and the same time MUST USE THE DYNAMIC TCP PORTS
setting. You cannot configure the client to use a different fixed
port each time it is started.
However, and as noted above, you
can limit the range of ports that are available to the client auto
selection system if you feel you need to do so.
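The behaviour described above, reproduced as an added example (not NetCFax code): several listeners share one IP address, the dynamic setting finds each a free port in the configured range, and a fixed port can be bound by only one of them. The function names and the use of 127.0.0.1 as the shared address are assumptions made for the illustration.

```python
import socket

HOST = "127.0.0.1"  # assumption: stands in for the one IP address shared by all sessions

def start_listener(port, host=HOST):
    """Bind a notification listener to one port; return None if it is taken."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))  # no SO_REUSEADDR, so the bind is exclusive
        s.listen(1)
        return s
    except OSError:
        s.close()
        return None

def start_dynamic(low=1500, high=20000):
    """Scan low..high and bind to the first free port (the dynamic setting)."""
    for port in range(low, high + 1):
        s = start_listener(port)
        if s:
            return s
    raise RuntimeError(f"no free TCP port in {low}-{high}")

def simulate_sessions(n, low=1500, high=20000):
    """Start n client instances on one host; return the ports they would report at login."""
    socks = []
    try:
        for _ in range(n):
            socks.append(start_dynamic(low, high))
        return [s.getsockname()[1] for s in socks]
    finally:
        for s in socks:
            s.close()

def fixed_port_sessions(n, port):
    """Start n instances that all use the same fixed port; return how many could bind."""
    socks = [start_listener(port) for _ in range(n)]
    bound = sum(1 for s in socks if s)
    for s in socks:
        if s:
            s.close()
    return bound

if __name__ == "__main__":
    print("dynamic ports reported by 3 sessions:", simulate_sessions(3))
    print("sessions that bound fixed port 7485:", fixed_port_sessions(3, 7485))
```

A range that is narrower than the number of concurrent sessions makes `start_dynamic` fail for the later sessions, which is why the range has to be sized to the host.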
FIREWALLS
If your network has a firewall or
router, you may need to make changes to it to ensure that
NetCFax can communicate between the server and the clients. The
major and default TCP port used is set to 7488 on the server. This
may be changed if you wish to do so, but all clients must also be
changed if you do so.
This is the port used by all
clients to request fax details, send faxes and perform most client
to server initiated communications. This port is always fixed (by
the fax server), and
clearly must be open for bi-directional communications in your
firewall(s) or router(s).
The secondary TCP port used is
where the issues can occur. This is used to let the fax server
send (unsolicited) messages to all of the fax clients, such as
notifications of faxes that have been received, sent or failed to
be sent. As you can see from the information we have provided
above, this may be a simple single port, which is easy enough to
open in your firewall/router to allow outbound only, but if the system is using dynamic
ports to support FTS or RDP sessions, then problems can of course
occur in ensuring the relevant ports are open.
We suggest that you use the port
limiting feature of the fax clients to select a suitable (and
small) range of ports that they can use. Typically a range of
ports that is perhaps 2 or 3 times larger than the number of
clients being used on any machine is sufficient, providing you
choose a range that does not contain ports that are used by other
applications. You should never use ports below 1024 as these are
widely used by standard TCP functionality.
Then all you have to do is to
open that range of TCP ports in your firewall/router. These only
need to be opened for outbound messages, not for incoming
messages.
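A check of the client settings against the advice above, as an added example (not part of NetCFax): it reads the [SYSTEM] and [NETWORK] entries described on this page, reports which notification ports the firewall rule has to cover, and flags ranges that are unlimited, below 1024, or far wider than the number of sessions. The sample file is constructed, `audit` and `sessions_per_host` are hypothetical names, and treating a missing LIMITDYNAMICPORT entry as 1 is an assumption.

```python
import configparser

# Constructed sample in the layout this page describes (not a shipped file).
SAMPLE = """\
; constructed sample for the audit below
[SYSTEM]
USETCPDYNAMICPORT=1
LIMITDYNAMICPORT=1
LOWTCPDYNAMICPORT=1500
HIGHTCPDYNAMICPORT=20000
[NETWORK]
CLIENTTCPSERVERPORT=7485
"""

def audit(text, sessions_per_host):
    """Return ((low, high) notification ports to open, findings) for one client host."""
    cp = configparser.ConfigParser(comment_prefixes=(";",), interpolation=None)
    cp.optionxform = str  # keep the upper-case key names as written
    cp.read_string(text)

    def get(section, key, default):
        return cp.getint(section, key, fallback=default)

    findings = []
    if get("SYSTEM", "USETCPDYNAMICPORT", 1) == 0:
        port = get("NETWORK", "CLIENTTCPSERVERPORT", 7485)
        if sessions_per_host > 1:
            findings.append("fixed port with several sessions on one IP address")
        return (port, port), findings
    if get("SYSTEM", "LIMITDYNAMICPORT", 1) == 0:  # missing entry read as 1: assumption
        findings.append("dynamic range not limited; firewall rule cannot be scoped")
        return None, findings
    low = get("SYSTEM", "LOWTCPDYNAMICPORT", 1500)
    high = get("SYSTEM", "HIGHTCPDYNAMICPORT", 20000)
    size = high - low + 1
    if low < 1024:
        findings.append("range includes ports below 1024")
    if size < sessions_per_host:
        findings.append("range smaller than the number of sessions")
    elif size > 3 * sessions_per_host:
        findings.append(f"range of {size} ports is more than 3x {sessions_per_host} sessions")
    return (low, high), findings
```

With the default 1500-20000 range and ten sessions the audit reports an over-wide range; narrowing it to thirty ports clears the finding.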
PORT ADDRESS TRANSLATION/PORT
MAPPING
This is another area that is
often forgotten by network administrators. A classic scenario is
that you want a fax client that is behind a firewall to be able to
connect to a fax server across a WAN or even the Internet (YES,
NetCFax can do that too); you then need to consider a few other
issues. It may even be the case that the fax server is also
behind a firewall.
BACKGROUND INFORMATION - All PCs
sitting behind a NAT server/Proxy server/Firewall/Router will
typically have "Internal" IP addresses in one of the
common Class C address ranges : 192.168.x.x, 10.x.x.x, or even
172.16.x.x, but of course, to the server they are connecting to
across the Internet, they all appear to have come from a totally
different IP address, which is the "External" IP address
of the gateway machine that is also known to the Internet and can
probably be resolved via a DNS lookup. The
NAT/Proxy/Firewall/Router can usually handle that perfectly
easily, and most provide some form of IP address mapping, or Port
address translation that lets you map any given port, or range of
ports, to any "Internal" IP address. You must arrange
for these mappings to be added to your system. This applies
equally if the fax server is also on an internal IP address behind
a firewall.
The main communications port (7488 by
default) must be opened for bi-directional connections, but any
ports required to allow the server to send unsolicited messages
such as fax notifications, cabinet drawer counts etc only need to
be opened to all outgoing connections.
There is one other port used across the
internal network (only) and it is only used if you have more than
one NetCFax server installed on your network, so that the server
can exchange roaming login profiles, address books etc.
This port is by default 7487 UDP, but can be changed in the
network configuration system if required.
Forcing the fax clients to use the Windows login account
details whenever the login window appears
This setting is also found under
[SYSTEM]
and it can be used to force the
fax clients to prefill the fax client's login details with
whatever the current Windows login name is (and possibly the
password). This lets you set up the client to use the same login
details as are used for each user's personal Windows login account.
The default setting for this
entry is ZERO = OFF.
If the following setting equals
ONE, the setting is enabled, and IT IS MOST IMPORTANT TO NOTE THAT
this will always override any "Remembered" entries, and
indeed any other auto login entries as well.
USEWINDOWSLOGINNAME=0
There is a second part to this,
due to the fact that it is virtually impossible to obtain the
password information from Windows programmatically. Again, the
default setting is ZERO.
SAVEWINDOWSPW=0
If you set this to ONE, once the
user enters the Windows password in the fax client's password
field, the system saves it so that it can then be used to prefill
the login details thereafter.
This is a useful feature if you
want to maintain a standard login policy across your network, as
it allows each Windows user to always use the same login
information.
If you prefer, you can add these
same lines to the same [SECTION] in the CLIENTSETTINGS.TXT file
that should be copied to all clients when you are going to install
the fax client on them, which will then also be included in the
NCFAXCLIENT.DAT file automatically.
Allowing fax clients to create their own
"Visitor" login accounts on the fax server
This is a FAX SERVER SETTING.
This setting is found in the fax
server's master configuration file named NCFXSERVER.DAT that can be
found in the DATA sub folder of the fax server's installation
folder tree. It is also configurable from the general options of
the normal Network configuration property sheet in the fax server.
This file is also in standard
Windows INI format.
[NETWORK]
ALLOWAUTOACCOUNTCREATION=0
By setting this to ONE, the
server will allow any fax client to create a new Visitor login
account using the login name entered. These Visitor accounts are
ONLY provided with the standard "Individual" access
rights for obvious reasons.
If a Visitor account is created,
it works just like any normal login account, allowing the user of
the account to create and send faxes, view their own outgoing
faxes (ONLY), and they can even view received faxes, if one or
more are assigned to them using the received faxes assignment
system.
However, as soon as a Visitor
account logs out, virtually all record of it is removed from both
the fax server and the fax client installation they were using. In
fact, the only item(s) remaining in the system are any faxes they
may have sent out, or even any that were scheduled to be sent at a
later time. No fax client configuration changes they may make are
saved, no address book entries or personal details are retained,
and in fact, the client is left with no record of that account
having ever been on there, or used, other than the standard
account record of each login account's fax activity, which is of
course always retained for all accounts that use any fax client to
allow verification of their activities to be performed, if ever
required.
This system provides a
potentially useful way to allow random users to take advantage of
the fax system without the need for you, the administrator, to
have to waste time creating special login accounts for such users.
We very much hope these notes
have proved useful to you in allowing you to preconfigure your
networked fax clients more easily and therefore effectively.