External access using port forwarding

With this method you can create and register a domain name that would be available for your users from the internet (e.g. The DNS entry for this domain name would point to your network's public gateway. Your network administrator can then configure the firewall to forward all requests for that URL directly to your internal ThoughtFarmer server. It is highly recommended that you purchase an SSL certificate for this and redirect all non-SSL requests to the secure https URL.


  • This approach provides direct external access to your intranet, which is easier for users than solutions that require a VPN.
  • It is relatively simple to set up.

  • Simply port forwarding to an internal server, also known as "opening a hole in the firewall", allows external users direct access to your internal network, which is not as secure as solutions that are using a DMZ. 

Recommended steps for configuring port forwarding:

  1. Get the external IP address for the network that your ThoughtFarmer server is set up on.
  2. Register a public domain name for your intranet (e.g. using the service provider of your choice. If you already have a domain registered skip this step.
  3. Choose a full URL for your intranet (e.g.
  4. Purchase an SSL certificate for the chosen URL from the service provider of your choice. You can also purchase a wildcard SSL (e.g. * or use one if already purchased.
  5. Contact the Administrator for the registered domain name and add an A-record for your chosen intranet URL to point to the IP in step number 1.
  6. Install the SSL certificate on the ThoughtFarmer server.
  7. Configure an SSL binding on your ThoughtFarmer instance.
  8. Set up a redirect for all http traffic to go to https (you can specify a different URL than your internal users).
  9. Set up port forwarding on the network firewall to point all port 80 (http) and port 443 (https) traffic for the intranet URL to the internal IP of the ThoughtFarmer server.