Topic
  • 4 replies
  • Latest Post - ‏2013-03-08T04:20:04Z by ahm.m
ahm.m
ahm.m
6 Posts

Pinned topic Ports from IHS to WAS

‏2013-03-01T15:40:33Z |
Hi
We have very simple WAS and iHS setup..
Machine A:IHS
Machine B: WAS server1 .

Now we have requirement to allow some specific ports from IHS (hosted on DMZ) to WAS( hosted on Intranet)
So how can I achieve inbound and outbound rules for specific ports to be open between IHS and WAS.
What are port numbers that will open between IHS and WAS communication?

Thanks
Updated on 2013-03-08T04:20:04Z at 2013-03-08T04:20:04Z by ahm.m
  • Sunit
    Sunit
    199 Posts

    Re: Ports from IHS to WAS

    ‏2013-03-01T16:23:04Z  
    Check your WAS configuration or check your most current plugin-cfg.xml for ports used by WAS web container. They will be something like 9080 (non-SSL) and 9443 (SSL).
    Communication from IHS to WAS (DMZ to Intranet) will require you to create the following rule:
    Source: IHS server IP address Dest: WAS server IP address Ports 9080, 9443 Rule: Allow

    --Sunit
  • ahm.m
    ahm.m
    6 Posts

    Re: Ports from IHS to WAS

    ‏2013-03-02T02:18:34Z  
    • Sunit
    • ‏2013-03-01T16:23:04Z
    Check your WAS configuration or check your most current plugin-cfg.xml for ports used by WAS web container. They will be something like 9080 (non-SSL) and 9443 (SSL).
    Communication from IHS to WAS (DMZ to Intranet) will require you to create the following rule:
    Source: IHS server IP address Dest: WAS server IP address Ports 9080, 9443 Rule: Allow

    --Sunit
    Thank you so much for response..
    I have seen netstat -anop command output and some tcp ports like (53500,55400 etc)(every time these ports are changing ) ports connecting from IHS to WAS port(9080).
    I am surprised ports 53500,55400 etc didn't appeared in Plugin.xml
    So If I block all ports other than mentioned in plugin.xml between IHS to WAS above ports might be blocked and I would face problem?
    Please share ideas
    Thanks
  • Sunit
    Sunit
    199 Posts

    Re: Ports from IHS to WAS

    ‏2013-03-02T11:18:59Z  
    • ahm.m
    • ‏2013-03-02T02:18:34Z
    Thank you so much for response..
    I have seen netstat -anop command output and some tcp ports like (53500,55400 etc)(every time these ports are changing ) ports connecting from IHS to WAS port(9080).
    I am surprised ports 53500,55400 etc didn't appeared in Plugin.xml
    So If I block all ports other than mentioned in plugin.xml between IHS to WAS above ports might be blocked and I would face problem?
    Please share ideas
    Thanks
    Those are source ports and they keep on changing (above 1024 and not reserved by TCP/IP stack). In the firewall rule the source ports are 'ANY' by default unless you want to code a specific source port.

    --Sunit
  • ahm.m
    ahm.m
    6 Posts

    Re: Ports from IHS to WAS

    ‏2013-03-08T04:20:04Z  
    • Sunit
    • ‏2013-03-02T11:18:59Z
    Those are source ports and they keep on changing (above 1024 and not reserved by TCP/IP stack). In the firewall rule the source ports are 'ANY' by default unless you want to code a specific source port.

    --Sunit
    Thanks sunit