Security
The direct print and file service was designed to have a minimal impact on the security policies in an enterprise environment. All communication is started from inside the firewall and it uses only the HTTPS protocol.
These design decisions ensure you do not have to open ports for incoming traffic in your firewall, which is considered a risk because of poorly written web servers that are vulnerable to attack.
Authentication
Business Central in the cloud and on-premises uses two different way of authentication.
Firewalls
When setting up the print server, you normally do not have to change your firewall configuration. All communication is done over HTTPS and all requests are from the program and out. There are no connections coming from the outside of your network to the service.
If you have a strict firewall where you need to register the outgoing requests in order to allow access, here is a list of hosts and protocols:
| Host | Port | Protocol | Direction | Executable | Description |
|---|---|---|---|---|---|
| api.businesscentral.dynamics.com | 443 | HTTPS | Outgoing | ForNav.PrintJob.exe |
Business Central print queue API |
| www.fornav.com | 443 | HTTPS | Outgoing | ForNav.PrintJob.exe |
Base parameters for communication |
In an on-premises environment, the API URL is different. It will point to the host that runs the Business Central service tier. It uses the OData port for the API.
No Internet
Direct print can be used in a closed environment. For an on-premises installation the Internet connection is not a requirement.