The Latest Oracle E-Business Suite Technology News direct from
Oracle E-Business Suite Development & Product Management

Configuring Reverse Proxies and DMZs for EBS 12.2

Steven Chan
Senior Director

You may have end-users outside of your organization's firewall who need access to E-Business Suite.  One way of doing that is to set up a reverse proxy server and a series of network segments separated by firewalls. 

EBS DMZ architecture


The outermost network segment that lies between the internet and an organization's intranet is often called a Demilitarized Zone (DMZ).  DMZs are enforced by firewalls and other networking security devices.

Setting up a DMZ

Instructions for deploying EBS 12.2 in a DMZ-based architecture are published here:

Externally-facing EBS products

A subset of EBS products can be deployed for external use, including iSupplier, iRecruitment, iSupport, and others.  Many of these products have special rules that must be enabled in the URL Firewall to work properly in external deployments.  For a complete list of E-Business Suite products certified for external use, see Section 6 in Note 1375670.1.

Related Articles



Join the discussion

Comments ( 3 )
  • Jaydeep Nandy Tuesday, March 13, 2018
    Hi Steven,

    What I understand from Note 1375670.1 is only WebLogic members are added to the domain - be it internal/external. That would need the following ports to be opened:

    1. To connect from Primary node to DMZ node's NodeManager
    2. To connect from DMZ Node to WLS Admin Server (on primary node)
    3. To connect from DMZ Node to Database over SQLNET
    4. SNMP & SSH connectivity from Primary node to DMZ Node

    Is there any way to get rid of first two from the list above? I guess it won't be possible - as the WLS Domain will create a cluster across all internal & external nodes. Please confirm.

  • Elke Phelps (Oracle Development) Tuesday, March 13, 2018

    To confirm - 1 & 2 are always required. Please note the following:

    1. There is always only internal application tier node that is designated as the WLS Admin Server. This server is referred to as the primary node.
    2. All external nodes must be able communicate with the primary node via WLS Admin Server port.
    3. The primary application tier node must be able to communicate to the node manager running on each internal and external node.
    4. The EBS WLS Domain includes the following clusters: oacore_cluster1, forms_cluster1, oafm_cluster1.
    5. There is one WLS cluster of each type (oacore_cluster1, forms_cluster1, oafm_cluster1) for the internal and external nodes (in other words– there is not a cluster for the external nodes and a cluster for the internal nodes)

    Hope this helps.
  • Nadir Thursday, August 29, 2019
    Internal application tier is for internal users and external application tier is for the user connecting through internet. But in my case my primary APP tier is on cloud so all the users will connect to the APP tier through internet. Now I want to put this primary APP tier behind the proxy server. For this purpose i followed the document 2143101.1 (Section 3, step 10 to 13). But couldn't succeed. Can somebody help me in this regard.

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.

Recent Content