+23
Under Review

Enable SC Router service by default to allow web and relay traffic on same port

Michael Legato (Support) 5 years ago updated by jeffshead 4 months ago 10

Partner would like to have the router service to allow inbound web and relay traffic on the same IP address enabled by default in the software.


CW#7675945


+1,000,000,000

With LT plugin now forcing customers to use HTTPS on SC, the router service is vital to ensure reliable operation without getting blocked by firewalls. Please bring this into support, and move towards this as default configuration.

+1

Yes, it would be fantastic to ensure this feature sticks around for years to come instead of just hoping it continues to work as "unsupported".

+1

Been using the router functionality for many years, without issue. Not working with v20.11+.

Please bring back this functionality even if it is not the default.

Guys - we know this works well because we know CW use it themselves.  Please can you just make this supported in the main release. We know not all customers are going to be able to use it but many will. 

+2

Yes, PLEASE make this an official feature. I spent hours trying to use multiple domains/IPs to get all my traffic to flow over 443 (to keep it from being blocked on some enterprise networks).

Someone informed me of the ScreenConnect Router service and it completely resolved my issue. I could have saved so much time if this was officially documented and supported.

I asked, and apparently this will now be discussed in ScreenConnect (CWC) support meeting tomorrow. The case for this is understood. 

For the record - Here's a repost of how this can be set up, and some more info / code.

https://github.com/slinak/ConnectWiseControlRouterSetup

However, this is not (as I understand it) currently "supported" by ConnectWise - though that will be discussed.
Credit to Scott Linak @ CW for jumping on this when I asked, and the above repo. :-)

Thanks for the additional info, Alex. Looking forward to seeing if they decide to support this feature.

Using the router feature is great if you want or need to use a single IP and have all traffic on port 443 but… After using the router functionality for years and because a previous CWC update killed the router functionality, I reluctantly switched to using one public IP for the web and another public IP for the relay. Doing so still allows me to run all CWC traffic on port 443. The nice thing about keeping the traffic separate is that you can use a web application firewall (WAF) for the web traffic which you cannot do if you use the built-in router. You will most likely be forced to NAT all traffic, as I had to do.

Also, many companies use deep packet inspection and don’t like non-HTML traffic on port 443. I don’t claim to know what the best solution is; just throwing this out there for consideration.