Setting up the Windows Firewall

On the supported Windows Server operating system versions, the Windows Firewall with Advanced Security is enabled by default, so all incoming TCP network communication that is not explicitly allowed by a rule is blocked. This blocks the network communication that the FOC adapter depends on, so firewall rules must be defined to allow the TCP network communication required by the FOC adapter.

To set up the Windows Firewall with Advanced Security, perform these steps on each node of the Microsoft Failover Cluster:
  1. Select "Start > Administrative Tools > Windows Firewall with Advanced Security".
  2. In the "Windows Firewall with Advanced Security" window, open the item "Windows Firewall with Advanced Security on Local Computer" in the tree view.
  3. Select item "Inbound Rules" in the tree view. Define all inbound rules required by System Automation Application Manager.
  4. Select item "Outbound Rules" in the tree view. Define all outbound rules required by System Automation Application Manager.

To define an Inbound Rule in the Windows Firewall with Advanced Security, perform these steps:
  1. Click "New Rule..." from "Actions".
  2. Select "Custom" to define a custom rule. Click "Next".
  3. Select "All Programs". Click "Next".
  4. Select the desired "Protocol type".
  5. For protocol type "TCP", set "Local port" to "Specific Ports", specify the desired local port, and keep the setting "All Ports" for "Remote port". Click "Next".
  6. Click "Next".
  7. Select "Allow the connection". Click "Next".
  8. Select all network locations: "Domain", "Private", and "Public". Click "Next".
  9. Specify a name and a description for the rule. Click "Finish".
By default, the new rule is automatically enabled.

To define an Outbound Rule in the Windows Firewall with Advanced Security, perform these steps:
  1. Click "New Rule..." from "Actions".
  2. Select "Custom" to define a custom rule. Click "Next".
  3. Select "All Programs". Click "Next".
  4. Select the desired "Protocol type".
  5. For protocol type "TCP", set "Remote port" to "Specific Ports", specify the desired remote port, and keep the setting "All Ports" for "Local port". Click "Next".
  6. Click "Next".
  7. Select "Allow the connection". Click "Next".
  8. Select all network locations: "Domain", "Private", and "Public". Click "Next".
  9. Specify a name and a reasonable description for the rule. Click "Finish".
By default, the new rule is automatically enabled.

The following rules must be defined and enabled on all nodes of the Microsoft Failover Cluster. The rules contain the default ports after installation. If you change any of the ports, you need to adapt the rules.

Table 1. Microsoft Failover Cluster default ports

Name                                        Direction   Default port   Protocol
IBM® Tivoli® SA AM MSCS Adapter (TCP-In)    Inbound     2001           TCP
IBM Tivoli SA AM MSCS Adapter (TCP-Out)     Outbound    2002           TCP
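
The two rules from Table 1 can also be created from PowerShell instead of the wizard, which keeps the definition identical on every cluster node and lets you verify the result. This is an added example, not part of the original documentation or of IBM's product; it assumes Windows Server 2012 or later (where the NetSecurity cmdlets exist), an elevated session on the node, and a constructed description text.

```powershell
# Added example (not IBM code). Run in an elevated PowerShell session on
# each node of the Microsoft Failover Cluster.
# Assumption: Windows Server 2012 or later (NetSecurity module available).

# Default ports from Table 1. Adapt them if the adapter ports were changed.
$rules = @(
    @{ Name = 'IBM Tivoli SA AM MSCS Adapter (TCP-In)';  Direction = 'Inbound';  Port = 2001 },
    @{ Name = 'IBM Tivoli SA AM MSCS Adapter (TCP-Out)'; Direction = 'Outbound'; Port = 2002 }
)

foreach ($r in $rules) {
    # Idempotent: remove an earlier copy so a re-run does not leave duplicates
    # or a stale port behind.
    Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    $params = @{
        DisplayName = $r.Name
        Description = "FOC adapter, TCP port $($r.Port)"   # constructed text
        Direction   = $r.Direction
        Protocol    = 'TCP'
        Action      = 'Allow'
        Profile     = 'Domain', 'Private', 'Public'        # step 8: all locations
        Enabled     = 'True'
    }
    # Step 5: an inbound rule pins the local port, an outbound rule pins the
    # remote port; the opposite side is left at its default of all ports.
    if ($r.Direction -eq 'Inbound') { $params.LocalPort  = $r.Port }
    else                            { $params.RemotePort = $r.Port }

    New-NetFirewallRule @params | Out-Null
}

# Verify what is actually configured on this node.
foreach ($r in $rules) {
    $rule   = Get-NetFirewallRule -DisplayName $r.Name
    $filter = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Name       = $rule.DisplayName
        Direction  = $rule.Direction
        Enabled    = $rule.Enabled
        Protocol   = $filter.Protocol
        LocalPort  = $filter.LocalPort
        RemotePort = $filter.RemotePort
        Profile    = $rule.Profile
    }
}
```

Comparing the verification output across nodes shows quickly whether one node still carries a rule for an old port after the adapter ports were changed.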