Add Initialization Parameters to Support Firewall Navigation

About this task

If you communicate with a trading partner through a firewall, set two initialization parameters to support firewall navigation. With these parameters you assign a specific TCP/IP source port number, or a range of port numbers, to a particular TCP/IP address or addresses for outgoing Connect:Direct® sessions. Setting these parameters allows controlled access to a Connect:Direct server that is behind a packet-filtering firewall without compromising security.

To add firewall support initialization parameters:

Procedure

  1. Coordinate IP addresses and associated port assignments with your firewall administrator.
  2. Add the following parameter to the Local Node Characteristics section of the initialization parameters file:
    tcp.src.ports=(valid IP address/optional subnet mask | valid IP address pattern, associated port number | associated range of port numbers | associated port number, associated range of port numbers)
  3. Apply the new initialization parameter.
  4. A second parameter called tcp.src.ports.list.iterations is automatically added to the Local Node Characteristics section during installation and has a default value of 1. Refer to the following table for a description and valid values for these parameters:
    Parameter Name: tcp.src.ports
    Parameter Definition: An IP address or multiple addresses and the ports permitted for the address when going through a packet-filtering firewall.
    Valid Values: Valid IP address with an optional mask for the upper boundary of the IP address range and the associated outgoing port number or range of port numbers for the specified IP address, for example:

    (199.2.4.*, 1024), (fd00:0:0:2015:*::*, 2000-3000), (199.2.4.0/255.255.255.0, 4000-5000),(fd00:0:0:2015::0/48, 6000, 7000)

    A wildcard character (*) is supported to define an IP address pattern. If the wildcard character is used, the optional mask is not valid.

    Parameter Name: tcp.src.ports.list.iterations
    Parameter Definition: The number of times that Connect:Direct scans the list of available ports defined in tcp.src.ports to attempt a connection before going into a retry state. This parameter is automatically added to the initialization parameters and is assigned a value of 1. If desired, change this value.
    Valid Values: A numeric value from 1-255. The default value is 1.
  5. Coordinate the specified port numbers with the firewall administrators.
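
A syntax check for a tcp.src.ports value before it is applied and handed to the firewall administrator, added here as an example; it is not part of Connect:Direct or its documentation. It assumes the entry syntax shown in the table above and standard TCP port bounds (1-65535), its function names are hypothetical, and it does not model how Connect:Direct matches addresses.

```python
import ipaddress
import re

ENTRY_RE = re.compile(r"\(([^()]*)\)")        # one "(address, ports...)" entry
PATTERN_RE = re.compile(r"[0-9A-Fa-f.:*]+")   # characters allowed in a wildcard pattern
PORT_RE = re.compile(r"([0-9]+)(?:-([0-9]+))?")
# Sample value quoted from the parameter table on this page.
PAGE_EXAMPLE = ("(199.2.4.*, 1024), (fd00:0:0:2015:*::*, 2000-3000), "
                "(199.2.4.0/255.255.255.0, 4000-5000),(fd00:0:0:2015::0/48, 6000, 7000)")

def check_address(addr):
    # Syntax only. Page rule: a wildcard pattern cannot also carry a mask.
    if "*" not in addr:
        ipaddress.ip_interface(addr)  # IPv4/IPv6 with optional mask, else ValueError
    elif "/" in addr or not PATTERN_RE.fullmatch(addr):
        raise ValueError(f"bad wildcard pattern: {addr!r}")

def parse_ports(tokens):  # ['1024', '2000-3000'] -> [(1024, 1024), (2000, 3000)]
    ranges = []
    for tok in tokens:
        m = PORT_RE.fullmatch(tok)
        lo, hi = (int(m[1]), int(m[2] or m[1])) if m else (0, 0)
        if not 1 <= lo <= hi <= 65535:  # assumption: standard TCP port bounds
            raise ValueError(f"bad port or range: {tok!r}")
        ranges.append((lo, hi))
    return ranges

def parse_tcp_src_ports(value):
    """Return [(address, [(low, high), ...]), ...] or raise ValueError."""
    bodies = ENTRY_RE.findall(value)
    if not bodies or ENTRY_RE.sub("", value).strip(", \t"):
        raise ValueError("expected one or more (address, ports) entries")
    entries = []
    for body in bodies:
        addr, *ports = [t.strip() for t in body.split(",")]
        if not ports:
            raise ValueError(f"no port given for {addr!r}")
        check_address(addr)
        entries.append((addr, parse_ports(ports)))
    return entries

def source_port_footprint(entries):  # merged ranges across all entries
    merged = []
    for lo, hi in sorted(r for _, ranges in entries for r in ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged
```

The per-entry result keeps each address paired with its ports for the firewall rule request, while the merged footprint shows the total set of outgoing source ports the rules would open.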