Configuring firewall rules
For each port variable contained in the DMCFG, the table below indicates its bind address and required reachability. Use this information as guidance when configuring firewall rules.
| Port variable | Description | Bind address | Required reachability |
| --- | --- | --- | --- |
| port contained in CEMAN_DB_URL | JDBC connection used by CEMAN to connect to the database | database machine(s) node(s) | From each CEMAN node |
| ceman_https_port | Internal Data Mover WUI / CEMAN-core listening port | Each CEMAN node external address | From load balancer |
| jgroups_infinispan_bind_port | CEMAN-core JGroups primary listening port | Each CEMAN node external address | From each CEMAN node |
| jgroups_infinispan_bind_port+2 | CEMAN-core JGroups secondary listening port | Each CEMAN node external address | From each CEMAN node |
| jgroups_iam_infinispan_bind_port | CEMAN IAM JGroups primary listening port | Each CEMAN node external address | From each CEMAN node |
| jgroups_iam_infinispan_bind_port+1 | CEMAN IAM JGroups secondary listening port | Each CEMAN node external address | From each CEMAN node |
| ceman_localcontroller_port | CEMAN-core local controller listening port, internally used by the product to stop/check a running CEMAN-core | Each CEMAN node external address | From the same node |
| activemq_https_port | AMQ broker web console HTTPS listening port | Each CEMAN node external address | From browser machines requiring WUI access |
| brokerconfig_acceptor_core_port | AMQ active-passive broker native protocol listening port | Each CEMAN node external address | From each managed node |
| brokerconfig_jgroups_port | AMQ active-passive broker JGroups primary listening port | Each CEMAN node external address | Each CEMAN node external address |
| brokerconfig_jgroups_port+3 | AMQ active-passive broker JGroups secondary listening port | Each CEMAN node external address | Each CEMAN node external address |
| brokerconfig_aa_acceptor_core_port | AMQ active-active broker native protocol listening port | Each CEMAN node external address | From each CEMAN node |
| brokerconfig_aa_jgroups_port | AMQ active-active broker JGroups primary listening port | Each CEMAN node external address | From each CEMAN node |
| brokerconfig_aa_jgroups_port+3 | AMQ active-active broker JGroups secondary listening port | Each CEMAN node external address | From each CEMAN node |
| brokerconfig_aa_scaledown_jgroups_port | AMQ active-active broker scaledown JGroups primary listening port | Each CEMAN node external address | From each CEMAN node |
| brokerconfig_aa_scaledown_jgroups_port+3 | AMQ active-active broker scaledown JGroups secondary listening port | Each CEMAN node external address | From each CEMAN node |
| KEYCLOAK_HTTPS_PORT | Internal Data Mover IAM listening port | Each CEMAN node external address | From load balancer |
| ceman_http_port_balanced | External load balancer HTTP/S port, used by the user via browser to reach Data Mover WUI | Load balancer external address | From browser machines requiring WUI access |
| IAM_PROXY_PORT | External load balancer HTTP/S port, used behind-the-scenes by the browser to contact Data Mover WUI | Load balancer external address | From browser machines requiring WUI access |
| activemq_localcontroller_port | AMQ local controller listening port, internally used by the product to stop/check a running AMQ broker | Each CEMAN node localhost | From the same node |
| steng_https_port | Set the STENG HTTPS port | Each STENG node external address | From each CEMAN node |
| steng_localcontroller_port | STENG local controller listening port, internally used by the product to stop/check a running STENG Peer | Each STENG node localhost | From the same node |
| gateway_Command_Port | DMZ command listening port | Each DMZ node external address | From each STENG node |
Will you use Data One for MFT with Data Mover?
Additional rules will be needed.
These rules are the minimal set of rules required by the product to run. When using Data One for MFT with Data Mover you will define file transfer protocol servers and file transfer client connections that require additional firewall traversal rules to be added, in a protocol-specific way.
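The sketch below is an added example, not part of the product or its documentation: for a subset of the CEMAN-node rows in the table, it expands the port variables (including the derived `+1`, `+2` and `+3` ports) into source-restricted allow rules and rejects configurations where a derived port lands on another configured port. The port numbers, IP addresses, source group names and the choice of TCP are assumptions made for illustration; the page does not state them.

```python
# Added example: expand DMCFG port variables into per-source allow rules.
# All port numbers and addresses below are constructed sample values.

# (port expression, allowed source group) for a subset of the CEMAN-node rows
ROWS = [
    ("ceman_https_port", "load_balancer"),
    ("jgroups_infinispan_bind_port", "ceman"),
    ("jgroups_infinispan_bind_port+2", "ceman"),
    ("jgroups_iam_infinispan_bind_port", "ceman"),
    ("jgroups_iam_infinispan_bind_port+1", "ceman"),
    ("brokerconfig_acceptor_core_port", "managed"),
    ("brokerconfig_aa_jgroups_port", "ceman"),
    ("brokerconfig_aa_jgroups_port+3", "ceman"),
    ("KEYCLOAK_HTTPS_PORT", "load_balancer"),
]

def resolve(expr, cfg):
    """Turn 'name' or 'name+N' into a port number using the configured values."""
    name, _, offset = expr.partition("+")
    port = int(cfg[name]) + int(offset or 0)
    if not 1 <= port <= 65535:
        raise ValueError(f"{expr} resolves to invalid port {port}")
    return port

def build_rules(cfg, sources):
    """Return sorted (port, source_ip) allow pairs; fail on port collisions."""
    seen, rules = {}, set()
    for expr, group in ROWS:
        port = resolve(expr, cfg)
        if port in seen:  # sanity check: two listeners cannot share one port
            raise ValueError(f"{expr} collides with {seen[port]} on port {port}")
        seen[port] = expr
        rules.update((port, ip) for ip in sources[group])
    return sorted(rules)

def render_iptables(rules):
    """Render allow rules; TCP is an assumption, the page names no protocol."""
    return [f"iptables -A INPUT -p tcp -s {ip} --dport {port} -j ACCEPT"
            for port, ip in rules]

SAMPLE_CFG = {  # constructed values, not product defaults
    "ceman_https_port": 8443, "KEYCLOAK_HTTPS_PORT": 9443,
    "jgroups_infinispan_bind_port": 7800, "jgroups_iam_infinispan_bind_port": 7900,
    "brokerconfig_acceptor_core_port": 61616, "brokerconfig_aa_jgroups_port": 7810,
}
SAMPLE_SOURCES = {"ceman": ["10.0.0.11", "10.0.0.12"],  # constructed addresses
                  "load_balancer": ["10.0.0.5"], "managed": ["10.0.1.21"]}

if __name__ == "__main__":
    print("\n".join(render_iptables(build_rules(SAMPLE_CFG, SAMPLE_SOURCES))))
```

Running the collision check before applying rules catches cases such as setting `jgroups_iam_infinispan_bind_port` to the value of `jgroups_infinispan_bind_port` plus 2, which would put two listeners on the same port.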