Firewall navigation record

The firewall navigation record, called firewall.parms, enables you to assign a specific TCP/IP source port number or a range of port numbers with a particular TCP/IP address for outbound IBM® Connect:Direct® sessions. These ports also need to be open on the firewall of the trading partner to allow the inbound IBM Connect:Direct sessions. This feature enables controlled access to an IBM Connect:Direct server if it is behind a packet-filtering firewall without compromising security policies.

Before you configure firewalls, review all information regarding firewall navigation and rules beginning with Firewall Navigation.

The following parameters are available for this record:

Parameter Description Value


For TCP/IP connections, remote IP addresses and the ports permitted for the addresses when using a packet-filtering firewall. This parameter is required only if the local node acts as a PNODE.

Place all values for an address inside parentheses and separate each value for an address with a comma.

Valid IP address with an optional mask for the upper boundary of the IP address range and the associated outgoing port number or range of port numbers for the specified IP address, for example:

(199.2.4.*, 1000), (fd00:0:0:2015:*::*, 2000-3000), (, 4000-5000),(fd00:0:0:2015::0/48, 6000, 7000)

A wildcard character (*) is supported to define an IP address pattern. If the wildcard character is used, the optional mask is not valid.

For more information on specifying IP addresses and host names, see IP Addresses, Host Names, and Ports.

The number of times that IBM Connect:Direct scans the list of available ports to attempt a connection before going into a retry state. Any numeric value from 1–255. The default value is 2.