Configuring firewall rules
For each port variable contained in the DMCFG, the table below indicates its bind address and required reachability; use this information as guidance when configuring firewall rules.
| Port Name | Description | Bind Address | Required reachability |
|---|---|---|---|
| port contained in CEMAN_DB_URL | JDBC connection used by CEMAN to connect to the database | Database node(s) | From each CEMAN node |
| ceman_https_port | Internal Data One WUI / CEMAN-core listening port | Each CEMAN node external address | From load balancer |
| jgroups_infinispan_bind_port | CEMAN-core JGroups primary listening port | Each CEMAN node external address | From each CEMAN node |
| jgroups_infinispan_bind_port+2 | CEMAN-core JGroups secondary listening port | Each CEMAN node external address | From each CEMAN node |
| jgroups_iam_infinispan_bind_port | CEMAN IAM JGroups primary listening port | Each CEMAN node external address | From each CEMAN node |
| jgroups_iam_infinispan_bind_port+1 | CEMAN IAM JGroups secondary listening port | Each CEMAN node external address | From each CEMAN node |
| ceman_localcontroller_port | CEMAN-core local controller listening port, used internally by the product to stop/check a running CEMAN-core | Each CEMAN node external address | From the same node |
| activemq_https_port | AMQ broker web console HTTPS listening port | Each CEMAN node external address | From browser machines requiring WUI access |
| brokerconfig_acceptor_core_port | AMQ active-passive broker native protocol listening port | Each CEMAN node external address | From each managed node |
| brokerconfig_jgroups_port | AMQ active-passive broker JGroups primary listening port | Each CEMAN node external address | Each CEMAN node external address |
| brokerconfig_jgroups_port+3 | AMQ active-passive broker JGroups secondary listening port | Each CEMAN node external address | Each CEMAN node external address |
| brokerconfig_aa_acceptor_core_port | AMQ active-active broker native protocol listening port | Each CEMAN node external address | From each CEMAN node |
| brokerconfig_aa_jgroups_port | AMQ active-active broker JGroups primary listening port | Each CEMAN node external address | From each CEMAN node |
| brokerconfig_aa_jgroups_port+3 | AMQ active-active broker JGroups secondary listening port | Each CEMAN node external address | From each CEMAN node |
| brokerconfig_aa_scaledown_jgroups_port | AMQ active-active broker scaledown JGroups primary listening port | Each CEMAN node external address | From each CEMAN node |
| brokerconfig_aa_scaledown_jgroups_port+3 | AMQ active-active broker scaledown JGroups secondary listening port | Each CEMAN node external address | From each CEMAN node |
| KEYCLOAK_HTTPS_PORT | Internal Data One IAM listening port | Each CEMAN node external address | From load balancer |
| ceman_http_port_balanced | External load balancer HTTP/S port, used by the user via browser to reach the Data One WUI | Load balancer external address | From browser machines requiring WUI access |
| IAM_PROXY_PORT | External load balancer HTTP/S port, used behind the scenes by the browser to contact the Data One WUI | Load balancer external address | From browser machines requiring WUI access |
| net_port | DATA WATCHER embedded MongoDB listening port | Each DATA WATCHER node external address | From each DATA WATCHER node |
| activemq_localcontroller_port | AMQ local controller listening port, used internally by the product to stop/check a running AMQ broker | Each CEMAN node localhost | From the same node |
| storm_worker_port ... storm_worker_port+9 | DATA WATCHER base listening port for the Storm worker port range. Ports from storm_worker_port to storm_worker_port+9 may be listened on (worst case; the actual number is typically lower). | Each DATA WATCHER node external address | From each DATA WATCHER node |
| zk_port | DATA WATCHER Zookeeper listening port | Each DATA WATCHER node external address | From each DATA WATCHER node |
| steng_https_port | STENG HTTPS listening port | Each STENG node external address | From each CEMAN node |
| steng_localcontroller_port | STENG local controller listening port, used internally by the product to stop/check a running STENG Peer | Each STENG node localhost | From the same node |
| gateway_Command_Port | DMZ command listening port | Each DMZ node external address | From each STENG node |
These rules are the minimal set of rules required by the product to run.

Will you use Data One for MFT with Data Mover?
Additional rules will be needed. When using Data One for MFT with Data Mover you will define file transfer protocol servers and file transfer client connections that require additional firewall traversal rules to be added, in a protocol-specific way.
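The table above is easiest to apply without mistakes when the "+N" offsets and the storm_worker_port range are expanded mechanically from the DMCFG values rather than typed by hand. The following is an added example, not tooling shipped with Data One: it assumes the DMCFG can be read as KEY=VALUE lines, transcribes a subset of the table rows per node role, and emits per-source allow rules (the sample port values and CIDRs are constructed).

```python
# Added example, not the product's own tooling: expand the port-variable table into
# host firewall allow rules. DMCFG is assumed to be KEY=VALUE lines (an assumption).
import re

# Constructed DMCFG fragment; real values come from your own DMCFG.
DMCFG_SAMPLE = """
ceman_https_port=8443
jgroups_infinispan_bind_port=7800
jgroups_iam_infinispan_bind_port=7900
ceman_localcontroller_port=9001
storm_worker_port=6700
zk_port=2181
"""

# (node role, variable, offset, port count, allowed source group), transcribed from
# the table above; offset/count encode the "+N" and storm_worker_port..+9 entries.
ROWS = [
    ("ceman", "ceman_https_port", 0, 1, "load_balancer"),
    ("ceman", "jgroups_infinispan_bind_port", 0, 1, "ceman_nodes"),
    ("ceman", "jgroups_infinispan_bind_port", 2, 1, "ceman_nodes"),
    ("ceman", "jgroups_iam_infinispan_bind_port", 0, 1, "ceman_nodes"),
    ("ceman", "jgroups_iam_infinispan_bind_port", 1, 1, "ceman_nodes"),
    ("ceman", "ceman_localcontroller_port", 0, 1, "same_node"),
    ("datawatcher", "storm_worker_port", 0, 10, "datawatcher_nodes"),
    ("datawatcher", "zk_port", 0, 1, "datawatcher_nodes"),
]

def parse_dmcfg(text):
    """Return {variable: port} from KEY=VALUE lines; blank or non-numeric lines are skipped."""
    ports = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_]\w*)\s*=\s*(\d+)\s*$", line)
        if m:
            ports[m.group(1)] = int(m.group(2))
    return ports

def allow_rules(role, ports, sources):
    """Expand the rows for one node role into (source CIDR, TCP port) pairs.
    sources maps a group name to the CIDRs allowed to reach it (e.g. the LB address)."""
    rules = []
    for r, var, offset, count, group in ROWS:
        if r != role:
            continue
        if var not in ports:
            raise KeyError(f"{var} missing from DMCFG")  # fail closed rather than guess
        base = ports[var] + offset
        rules.extend((cidr, base + i) for cidr in sources[group] for i in range(count))
    return rules

def to_nft(rules):
    """Render the pairs as nftables rule lines; anything not listed stays at the chain's drop policy."""
    return [f"ip saddr {cidr} tcp dport {port} accept" for cidr, port in rules]
```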