Firewall configuration
You must configure your firewall to allow communication between the IBM RPA server on OpenShift and IBM RPA client applications.
The following ports and protocols are needed by the application to function.
In most configurations, OpenShift enforces port access between pods by using NetworkPolicy resources. The IBM RPA operator creates suitable NetworkPolicy resources to allow communication between IBM RPA pods. However,
if NetworkPolicy resources are not enforced in your configuration, you can also configure your firewall to restrict traffic between pods as follows.
IBM RPA 21.0.0 - IBM RPA 21.0.2
| From | To | Access | Protocol | Destination port |
|---|---|---|---|---|
| API server | MS SQL Server database | Within customer network | TCP | 1433 |
| IBM RPA Studio/Bot Agent | API server | Within customer network | HTTPS | 443 |
| API server | Internet | External | HTTPS | 9443 |
| IBM RPA Studio/Bot Agent | IBM MQ (via external Route) | Within customer network | TCP | 443 |
| Web browser | UI (via external Route) | Within customer network | HTTPS | 443 |
| UI | API server | Between pods | HTTPS | 5001 |
| API server | IBM MQ (via external Route) | Between pods | TCP | 443 |
| API server | Redis | Between pods | TCP | 16000 |
| API server | Antivirus service | Between pods | HTTPS | 9443 |
| API server | Abbyy OCR service | Between pods | HTTPS | 9443 |
IBM RPA 21.0.2 and higher
| From | To | Access | Protocol | Destination port |
|---|---|---|---|---|
| API server | MS SQL Server database | Within customer network | TCP | 1433 |
| IBM RPA Studio/Bot Agent | API server | Within customer network | HTTPS | 443 |
| API server | Internet | Reverse proxy from Zen | HTTPS | 9443 |
| IBM RPA Studio/Bot Agent | IBM MQ (via external Route) | Within customer network | TCP | 443 |
| Web browser | UI (via reverse proxy from Zen) | Within customer network | HTTPS | 443 |
| UI | API server | Between pods | HTTPS | 5001 |
| API server | IBM MQ (via external Route) | Between pods | TCP | 443 |
| API server | Redis | Between pods | TCP | 16000 |
| API server | Antivirus service | Between pods | HTTPS | 9443 |
| API server | Abbyy OCR service | Between pods | HTTPS | 9443 |
Note:The API server requires internet access to download web browser drivers, which are used by the IBM RPA Studio and Bot Agent for browser commands.