About this task
If you communicate with a trading partner using a firewall,
set two initialization parameters to support it. You assign a specific
TCP/IP source port number or a range of port numbers with a particular
TCP/IP address or addresses for outgoing Connect:Direct® sessions.
Setting these parameters allows controlled access to a Connect:Direct server
if it is behind a packet-filtering firewall without compromising security.
To add firewall support initialization parameters:
Procedure
- Coordinate IP addresses and associated port assignments
with your firewall administrator.
- Add the following parameter to the Local Node Characteristics
section of the initialization parameters file:
  tcp.src.ports=(valid IP address/optional subnet mask | valid IP address pattern, associated port number | associated range of port numbers | associated port number, associated range of port numbers)
- Apply the new initialization parameter.
- A second parameter called tcp.src.ports.list.iterations
is automatically added to the Local Node Characteristics section during
installation and has a default value of 1. Refer to the following
table for a description and valid values for these parameters:
| Parameter Name | Parameter Definition | Valid Values |
|---|---|---|
| tcp.src.ports | An IP address or multiple addresses and the ports permitted for the address when going through a packet-filtering firewall. | Valid IP address with an optional mask for the upper boundary of the IP address range and the associated outgoing port number or range of port numbers for the specified IP address, for example: (199.2.4.*, 1024), (fd00:0:0:2015:*::*, 2000-3000), (199.2.4.0/255.255.255.0, 4000-5000), (fd00:0:0:2015::0/48, 6000, 7000). A wildcard character (*) is supported to define an IP address pattern. If the wildcard character is used, the optional mask is not valid. |
| tcp.src.ports.list.iterations | The number of times that Connect:Direct scans the list of available ports defined in tcp.src.ports to attempt a connection before going into a retry state. This parameter is automatically added to the initialization parameters and is assigned a value of 1. If desired, change this value. | A numeric value from 1-255. The default value is 1. |
- Coordinate the specified port numbers with the firewall
administrators.
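
A pre-deployment check for a tcp.src.ports value, added here as an example (it is not IBM code and not Connect:Direct's own parser). It follows only the syntax and the wildcard/mask rule given in the table above; the function names are hypothetical, and the 1-65535 port bound is the general TCP limit, not a product-specific one.

```python
import ipaddress
import re

# Constructed sample: the example value shown in the parameter table.
SAMPLE = ("(199.2.4.*, 1024), (fd00:0:0:2015:*::*, 2000-3000), "
          "(199.2.4.0/255.255.255.0, 4000-5000),(fd00:0:0:2015::0/48, 6000, 7000)")

def parse_ports(tokens):
    """Turn port tokens ('1024' or '2000-3000') into inclusive (low, high) pairs."""
    ranges = []
    for tok in tokens:
        low, _, high = tok.partition("-")
        low, high = int(low), int(high or low)  # int() rejects non-numeric tokens
        if not (1 <= low <= high <= 65535):
            raise ValueError(f"bad port or range: {tok!r}")
        ranges.append((low, high))
    return ranges

def parse_src_ports(value):
    """Return [(address, [(low, high), ...]), ...] or raise ValueError."""
    entries = []
    for group in re.findall(r"\(([^()]*)\)", value):
        fields = [f.strip() for f in group.split(",")]
        addr, ports = fields[0], fields[1:]
        if not ports:
            raise ValueError(f"no ports given for {addr!r}")
        if "*" in addr:
            # Rule from the table: a mask is not valid with a wildcard pattern.
            if "/" in addr:
                raise ValueError(f"mask not allowed with wildcard: {addr!r}")
        else:
            # Accepts dotted masks and prefix lengths; raises if malformed.
            ipaddress.ip_network(addr, strict=False)
        entries.append((addr, parse_ports(ports)))
    if not entries:
        raise ValueError("no (address, ports) entries found")
    return entries

def port_count(entries):
    """Source ports opened per address, for review with the firewall administrator."""
    return {addr: sum(h - l + 1 for l, h in rs) for addr, rs in entries}

if __name__ == "__main__":
    for addr, n in port_count(parse_src_ports(SAMPLE)).items():
        print(f"{addr:28} {n} source port(s)")
```

The per-address port counts give the firewall administrator a quick view of how wide each outgoing source-port allowance is before the rule is opened.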