Configuring firewall rules

port contained in CEMAN_DB_URL

jdbc connection used by CEMAN to connect to the database

database machine(s) node(s)

From each CEMAN node

ceman_https_port

Internal Data One WUI / CEMAN-core listening port

Each CEMAN node external address

From load balancer

jgroups_infinispan_bind_port

CEMAN-core JGroups primary listening port

Each CEMAN node external address

From each CEMAN node

jgroups_infinispan_bind_port+2

CEMAN-core JGroups secondary listening port

Each CEMAN node external address

From each CEMAN node

jgroups_iam_infinispan_bind_port

CEMAN IAM JGroups primary listening port

Each CEMAN node external address

From each CEMAN node

jgroups_iam_infinispan_bind_port+1

CEMAN IAM JGroups secondary listening port

Each CEMAN node external address

From each CEMAN node

ceman_localcontroller_port

CEMAN-core local controller listening port, internally used by the product to stop/check a running CEMAN-core

Each CEMAN node external address

From the same node

activemq_https_port

AMQ broker web console HTTPS listening port

Each CEMAN node external address

From browser machines requiring WUI access

brokerconfig_acceptor_core_port

AMQ active-passive broker native protocol listening port

Each CEMAN node external address

From each managed node

brokerconfig_jgroups_port

AMQ active-passive broker JGroups primary listening port

Each CEMAN node external address

Each CEMAN node external address

brokerconfig_jgroups_port+3

AMQ active-passive broker JGroups secondary listening port

Each CEMAN node external address

Each CEMAN node external address

brokerconfig_aa_acceptor_core_port

AMQ active-active broker native protocol listening port

Each CEMAN node external address

From each CEMAN node

brokerconfig_aa_jgroups_port

AMQ active-active broker JGroups primary listening port

Each CEMAN node external address

From each CEMAN node

brokerconfig_aa_jgroups_port+3

AMQ active-active broker JGroups secondary listening port

Each CEMAN node external address

From each CEMAN node

brokerconfig_aa_scaledown_jgroups_port

AMQ active-active broker scaledown JGroups primary listening port

Each CEMAN node external address

From each CEMAN node

brokerconfig_aa_scaledown_jgroups_port+3

AMQ active-active broker scaledown JGroups secondary listening port

Each CEMAN node external address

From each CEMAN node

KEYCLOAK_HTTPS_PORT

Internal Data One IAM listening port

Each CEMAN node external address

From load balancer

ceman_http_port_balanced

External load balancer HTTP/S port, used by the user via browser to reach Data One WUI

Load balancer external address

From browser machines requiring WUI access

IAM_PROXY_PORT

External load balancer HTTP/S port port, used behind-the-scenes by the browser to contact Data One WUI

Load balancer external address

From browser machines requiring WUI access

net_port

DATA WATCHER embedded MongoDB listening port

Each DATA WATCHER node external address

From each DATA WATCHER node

activemq_localcontroller_port

AMQ local controller listening port, internally used by the product to stop/check a running AMQ broker

Each CEMAN node localhost

From the same node

storm_worker_port... storm_worker_port+9

DATA WATCHER base listening port for Storm workers port range Ports from storm_worker_port to storm_worker_port+ 9 could be listened to (in a worst-case scenario, typical actual number is less than that).

Each DATA WATCHER node external address

From each DATA WATCHER node

zk_port

DATA WATCHER Zookeeper listening port

Each DATA WATCHER node external address

From each DATA WATCHER node

steng_https_port

Set the STENG HTTPS port

Each STENG node external address

From each CEMAN node

steng_localcontroller_port

STENG local controller listening port, internally used by the product to stop/check a running STENG Peer

Each STENG node localhost

From the same node

gateway_Command_Port

DMZ command listening port

Each DMZ node external address

From each STENG node