Question & Answer
Question
When building an ISAM Cluster with a firewall separating internal network and DMZ nodes, what communication must be allowed?
Answer
The appliances listen on the following ports and port ranges, which the firewall rules must allow.
| Component | Port Number or Range |
| --- | --- |
| WebSphere Application Server | 9080, 9443 |
| Security Access Manager Policy Server | 7135 |
| Security Access Manager Authorization Server | 7136, 7137 |
| WebSEAL | 7234 |
| LDAP Server, SSL port | 636 |
| LDAP Server, non-SSL port | 389 |
| LMI | 443 |
| WebSEAL HTTP port | 80 |
| WebSEAL HTTPS port | 443 |
| Remote Syslog | 514 |
| SSHD (for clustering communication) | 22 |
| DSC (when supporting Internal and External clients) | 9081 |
| ICMP Ping method | n/a |
The list above gives the default ports; they are customizable.
As part of the cluster setup, an ERE (External Reference Entity) is used to determine where there is a break in the network. This requires the firewall to allow an ICMP Ping method.
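The following Python check is an added example, not part of the IBM technote: it compares a firewall allow-list against the default ports in the table above and reports which components would be blocked. The allow-list entry format (`"443"`, `"7135-7137"`, `"icmp"`) and the sample list are constructed for illustration.

```python
# Hypothetical allow-list format ("443", "7135-7137", "icmp"); not an ISAM or vendor format.
# Default ports from the table above; edit if the appliance ports were customized.
REQUIRED = {
    "WebSphere Application Server": [9080, 9443],
    "Security Access Manager Policy Server": [7135],
    "Security Access Manager Authorization Server": [7136, 7137],
    "WebSEAL": [7234],
    "LDAP Server, SSL port": [636],
    "LDAP Server, non-SSL port": [389],
    "LMI": [443],
    "WebSEAL HTTP port": [80],
    "WebSEAL HTTPS port": [443],
    "Remote Syslog": [514],
    "SSHD (for clustering communication)": [22],
    "DSC (when supporting Internal and External clients)": [9081],
}

def parse_allow_list(entries):
    """Return (list of inclusive (low, high) port ranges, icmp_allowed)."""
    ranges, icmp = [], False
    for raw in entries:
        entry = raw.strip().lower()
        if entry == "icmp":
            icmp = True
            continue
        low, _, high = entry.partition("-")
        low, high = int(low), int(high or low)
        if not (0 < low <= high <= 65535):
            raise ValueError(f"bad port entry: {raw!r}")
        ranges.append((low, high))
    return ranges, icmp

def audit(entries, required=REQUIRED):
    """Map each component to the required ports the allow-list does not cover."""
    ranges, icmp = parse_allow_list(entries)
    gaps = {}
    for component, ports in required.items():
        missing = [p for p in ports if not any(lo <= p <= hi for lo, hi in ranges)]
        if missing:
            gaps[component] = missing
    if not icmp:  # the ERE check described above depends on ICMP ping
        gaps["ICMP Ping method"] = ["icmp"]
    return gaps

# Constructed sample allow-list: 7137, 514 and ICMP were left out.
SAMPLE = ["22", "80", "389", "443", "636", "7135-7136", "7234", "9080-9081", "9443"]
if __name__ == "__main__":
    for component, missing in audit(SAMPLE).items():
        print(f"BLOCKED  {component}: {missing}")
```

Pass a modified `required` mapping to `audit` when the appliance ports have been changed from their defaults.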
Product Synonym
ISAM Web Mobile
Document Information
Modified date:
16 June 2018
UID
swg21882852