Configuring firewall rules

For each port variable contained in the DMCFG, the table below indicates its bind address and required reachability; use this information as guidance when configuring firewall rules. Ports bound to localhost only need no inbound firewall rule, and ports reachable "from the same node" need no rule from other hosts.

| Port name | Description | Bind address | Required reachability |
|---|---|---|---|
| port contained in CEMAN_DB_URL | JDBC connection used by CEMAN to connect to the database | Database machine(s)/node(s) | From each CEMAN node |
| ceman_https_port | Internal Data One WUI / CEMAN-core listening port | Each CEMAN node external address | From load balancer |
| jgroups_infinispan_bind_port | CEMAN-core JGroups primary listening port | Each CEMAN node external address | From each CEMAN node |
| jgroups_infinispan_bind_port+2 | CEMAN-core JGroups secondary listening port | Each CEMAN node external address | From each CEMAN node |
| jgroups_iam_infinispan_bind_port | CEMAN IAM JGroups primary listening port | Each CEMAN node external address | From each CEMAN node |
| jgroups_iam_infinispan_bind_port+1 | CEMAN IAM JGroups secondary listening port | Each CEMAN node external address | From each CEMAN node |
| ceman_localcontroller_port | CEMAN-core local controller listening port, used internally by the product to stop/check a running CEMAN-core | Each CEMAN node external address | From the same node |
| activemq_https_port | AMQ broker web console HTTPS listening port | Each CEMAN node external address | From browser machines requiring WUI access |
| brokerconfig_acceptor_core_port | AMQ active-passive broker native protocol listening port | Each CEMAN node external address | From each managed node |
| brokerconfig_jgroups_port | AMQ active-passive broker JGroups primary listening port | Each CEMAN node external address | Each CEMAN node external address |
| brokerconfig_jgroups_port+3 | AMQ active-passive broker JGroups secondary listening port | Each CEMAN node external address | Each CEMAN node external address |
| brokerconfig_aa_acceptor_core_port | AMQ active-active broker native protocol listening port | Each CEMAN node external address | From each CEMAN node |
| brokerconfig_aa_jgroups_port | AMQ active-active broker JGroups primary listening port | Each CEMAN node external address | From each CEMAN node |
| brokerconfig_aa_jgroups_port+3 | AMQ active-active broker JGroups secondary listening port | Each CEMAN node external address | From each CEMAN node |
| brokerconfig_aa_scaledown_jgroups_port | AMQ active-active broker scaledown JGroups primary listening port | Each CEMAN node external address | From each CEMAN node |
| brokerconfig_aa_scaledown_jgroups_port+3 | AMQ active-active broker scaledown JGroups secondary listening port | Each CEMAN node external address | From each CEMAN node |
| KEYCLOAK_HTTPS_PORT | Internal Data One IAM listening port | Each CEMAN node external address | From load balancer |
| ceman_http_port_balanced | External load balancer HTTP/S port, used by the user via browser to reach the Data One WUI | Load balancer external address | From browser machines requiring WUI access |
| IAM_PROXY_PORT | External load balancer HTTP/S port, used behind the scenes by the browser to contact the Data One WUI | Load balancer external address | From browser machines requiring WUI access |
| net_port | DATA WATCHER embedded MongoDB listening port | Each DATA WATCHER node external address | From each DATA WATCHER node |
| activemq_localcontroller_port | AMQ local controller listening port, used internally by the product to stop/check a running AMQ broker | Each CEMAN node localhost | From the same node |
| storm_worker_port ... storm_worker_port+9 | DATA WATCHER base listening port for Storm workers (port range). Ports from storm_worker_port to storm_worker_port+9 could be listened on in a worst-case scenario; the typical actual number is less than that. | Each DATA WATCHER node external address | From each DATA WATCHER node |
| zk_port | DATA WATCHER Zookeeper listening port | Each DATA WATCHER node external address | From each DATA WATCHER node |
| steng_https_port | STENG HTTPS listening port | Each STENG node external address | From each CEMAN node |
| steng_localcontroller_port | STENG local controller listening port, used internally by the product to stop/check a running STENG Peer | Each STENG node localhost | From the same node |
| gateway_Command_Port | DMZ command listening port | Each DMZ node external address | From each STENG node |

Will you use Data One for MFT with Data Mover?
Additional rules will be needed.

These rules are the minimal set required by the product to run.
When using Data One for MFT with Data Mover, you will define file transfer protocol servers and file transfer client connections that require additional, protocol-specific firewall traversal rules to be added.