Configuring Firewall Navigation

Firewall navigation enables controlled access to a IBM® Connect:Direct® system running behind a packet-filtering firewall without compromising your security policies or those of your trading partners. You control this access by assigning a specific TCP or UDT source port number or a range of source port numbers with a specific destination address (or addresses) for IBM Connect:Direct sessions.

Before you configure source ports in the IBM Connect:Direct initialization parameters, you need to review the information in this section, especially if you are implementing firewalls for UDT.

  1. Coordinate IP address and associated source port assignment with the local firewall administrator before updating the firewall navigation record in the initialization parameters file.
  2. Add the following parameters to the IBM Connect:Direct initialization parameters file as needed, based on whether you are using TCP or UDT:

      In a IBM Connect:Direct/Plex environment, specify these parameters in the local initialization parameters file of the IBM Connect:Direct/Plex member that communicates with an external firewall.

  3. Reinitialize Connect:Direct for z/OS®.
  4. Coordinate the specified port numbers with the firewall administrator at the remote site. These ports must also be available for IBM Connect:Direct communications on the firewall of your trading partner.