Firewall navigation record
The firewall navigation record, called firewall.parms, enables you to associate a specific TCP/IP source port number or a range of port numbers with a particular TCP/IP address for outbound IBM® Connect:Direct® sessions. These ports also need to be open on the firewall of the trading partner to allow the inbound IBM Connect:Direct sessions. This feature enables controlled access to an IBM Connect:Direct server if it is behind a packet-filtering firewall without compromising security policies.
Before you configure firewalls, review all information regarding firewall navigation and rules beginning with Firewall Navigation.
Parameter | Description | Value |
---|---|---|
tcp.src.ports | For TCP/IP connections, remote IP addresses and the ports permitted for the addresses when using a packet-filtering firewall. This parameter is required only if the local node acts as a PNODE. Place all values for an address inside parentheses and separate each value for an address with a comma. | Valid IP address with an optional mask for the upper boundary of the IP address range and the associated outgoing port number or range of port numbers for the specified IP address, for example: (199.2.4.*, 1000), (fd00:0:0:2015:*::*, 2000-3000), (199.2.4.0/255.255.255.0, 4000-5000),(fd00:0:0:2015::0/48, 6000, 7000) A wildcard character (*) is supported to define an IP address pattern. If the wildcard character is used, the optional mask is not valid. For more information on specifying IP addresses and host names, see IP Addresses, Host Names, and Ports. |
tcp.src.ports.list.iterations | The number of times that IBM Connect:Direct scans the list of available ports to attempt a connection before going into a retry state. | Any numeric value from 1–255. The default value is 2. |
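
The tcp.src.ports value format from the table above can be checked before it is deployed and turned into the list of source ports that the trading partner's firewall has to allow. The following is an added example, not IBM code: the function names are hypothetical, and address validation uses Python's `ipaddress` module as a stand-in for the product's own rules, which may differ.

```python
import ipaddress
import re

GROUP = re.compile(r"\(([^()]*)\)")  # one parenthesized (address, ports...) group

def parse_ports(tokens):
    """Turn ['6000', '7000-7010'] into [(6000, 6000), (7000, 7010)]."""
    ranges = []
    for tok in tokens:
        low, _, high = tok.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad port or range: {tok!r}")
        ranges.append((low, high))
    return ranges

def parse_tcp_src_ports(value):
    """Parse a tcp.src.ports value into [(address_pattern, [(low, high), ...])]."""
    entries = []
    for group in GROUP.findall(value):
        addr, *ports = [field.strip() for field in group.split(",")]
        if not ports:
            raise ValueError(f"no ports given for {addr!r}")
        if "*" in addr:
            # Rule from the table: the optional mask is not valid with a wildcard.
            if "/" in addr:
                raise ValueError(f"wildcard and mask combined: {addr!r}")
            if not re.fullmatch(r"[0-9A-Fa-f.:*]+", addr):
                raise ValueError(f"bad address pattern: {addr!r}")
        else:
            # Assumption: Python's ipaddress checks approximate the product's.
            ipaddress.ip_interface(addr)
        entries.append((addr, parse_ports(ports)))
    if not entries:
        raise ValueError("no (address, ports) groups found")
    return entries

def firewall_worksheet(value):
    """List the source ports a packet filter must allow, per remote address."""
    lines = []
    for addr, ranges in parse_tcp_src_ports(value):
        ports = ", ".join(str(l) if l == h else f"{l}-{h}" for l, h in ranges)
        lines.append(f"{addr}: source ports {ports}")
    return lines

# The example value from the Value column of the table.
SAMPLE = ("(199.2.4.*, 1000), (fd00:0:0:2015:*::*, 2000-3000), "
          "(199.2.4.0/255.255.255.0, 4000-5000),(fd00:0:0:2015::0/48, 6000, 7000)")

if __name__ == "__main__":
    print("\n".join(firewall_worksheet(SAMPLE)))
```

A value that mixes a wildcard with a mask, or names a port outside 1-65535, raises `ValueError` instead of being written to firewall.parms.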