List of firewall ports that must be open for communication between the deployment manager, nodeagent, and Application Server
It's very important to know which ports must be open in the
firewall for proper communication between the deployment manager, nodeagent,
and application servers. Follow the steps below to find them.
Find the port numbers in the serverindex.xml file or from the ISC (Integrated Solution Console)
The serverindex.xml file can be found under the profile-root/config/cells/cellName/nodes/nodeName folder.
From Integrated Solution Console:
Application Server ports
Click on servers -> server Name -> Expand ports under communication
Nodeagent ports
Click on System administration -> node agents -> nodeagent -> Expand ports under Additional Properties
Deployment Manager ports
Click on System administration -> Deployment manager -> Expand ports under Additional Properties
Note: The example endpoints are derived from a version 8.5 configuration;
ignore any endpoint/port that you don't find in your
configuration.
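
As an added example (not part of the original post), this Python script lists every endpoint in a serverindex.xml and flags any whose port is 0, since the tables below require ORB_ endpoints to have a static value. The XML sample is constructed, and the element and attribute names (serverEntries, specialEndpoints, endPointName, endPoint) and the full name ORB_LISTENER_ADDRESS are assumptions about the usual file layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real cell. Element and attribute names
# follow the usual serverindex.xml layout (an assumption; verify on your file).
SAMPLE = """<serverindex:ServerIndex
    xmlns:serverindex="http://www.ibm.com/websphere/appserver/schemas/5.0/serverindex.xmi"
    hostName="node1.example.test">
  <serverEntries serverName="nodeagent" serverType="NODE_AGENT">
    <specialEndpoints endPointName="BOOTSTRAP_ADDRESS">
      <endPoint host="node1.example.test" port="2809"/>
    </specialEndpoints>
    <specialEndpoints endPointName="ORB_LISTENER_ADDRESS">
      <endPoint host="node1.example.test" port="0"/>
    </specialEndpoints>
  </serverEntries>
  <serverEntries serverName="server1" serverType="APPLICATION_SERVER">
    <specialEndpoints endPointName="DCS_UNICAST_ADDRESS">
      <endPoint host="*" port="9353"/>
    </specialEndpoints>
  </serverEntries>
</serverindex:ServerIndex>"""


def list_endpoints(xml_text):
    """Return (server, type, endpoint, host, port) tuples for every endpoint."""
    rows = []
    for entry in ET.fromstring(xml_text).iter("serverEntries"):
        for named in entry.iter("specialEndpoints"):
            ep = named.find("endPoint")
            if ep is not None:
                rows.append((entry.get("serverName"), entry.get("serverType"),
                             named.get("endPointName"), ep.get("host"),
                             int(ep.get("port"))))
    return rows


def unpinned(rows):
    """Endpoints whose port is 0 have no static value a firewall rule can name."""
    return [r for r in rows if r[4] == 0]


if __name__ == "__main__":
    rows = list_endpoints(SAMPLE)
    for server, stype, name, host, port in rows:
        print(f"{server:<10} {stype:<20} {name:<22} {host}:{port}")
    for server, _, name, _, _ in unpinned(rows):
        print(f"WARNING: {server}/{name} has port 0; set a static port first")
```

To use it on a real node, pass the contents of that node's serverindex.xml to `list_endpoints` instead of `SAMPLE`.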
DMGR Ports to be opened with security enabled and disabled
| Port/Endpoint Name | Security Disabled | Security Enabled | Reason/Comment |
|---|---|---|---|
| CELL | Yes | Yes | Discovery between nodeagent and DMgr will not work |
| BOOTSTRAP_ADDRESS | Yes | Yes | Naming service or RMI service between DMgr and node might not work |
| SOAP | Yes | Yes | Synchronization will not work |
| ORB_ | Yes | Yes | Port value can't be zero. Should have a static value. |
| WC_adminhost | Yes | Yes | File transfer application will not work |
| DCS_UNICAST_ADDRESS | Yes | Yes | HA Manager won't work properly (i.e., WLM, DRS, Transaction log recovery) |
| IPC_ | Yes | Yes | Internal communication might fail |
| WC_adminhost_secure | No | Yes | File Transfer won't work |
| SAS_ | No | No | This port is used for communication with version 6.0.x servers federated in a 6.1 or later cell. Should open if you have V6.0 mixed node. |
| CSIV | No | Yes | Required when security enabled |
| CSIV | No | Yes | Required when security enabled |
| Data | Yes | Yes | Required only when you use DataPower |
Nodeagent Ports to be opened with security enabled and disabled
| Port Name/Endpoint Name | Security Disabled | Security Enabled | Reason/Comment |
|---|---|---|---|
| BOOTSTRAP_ADDRESS | Yes | Yes | Naming service or RMI service between dmgr and node might not work |
| ORB_ | Yes | Yes | Port value can't be zero. Should have a static value. |
| DCS_UNICAST_ADDRESS | Yes | Yes | HA Manager won't work (WLM, DRS, Transaction log recovery etc) |
| NODE | Yes | Yes | Discovery between nodeagent and dmgr will not work |
| NODE | Yes (if NO to ipv4) | Yes (if NO to ipv4) | Multicast discovery for application servers (during startup) to discover nodeagent. The endpoint can be removed, if you prefer to use IPV4. |
| NODE | Yes (if NO to ipv6) | Yes (if NO to ipv6) | Multicast discovery for application servers (during startup) to discover nodeagent. The endpoint can be removed, if you prefer to use IPV6 |
| SOAP | Yes | Yes | Synchronization will not work |
| IPC_ | Yes | Yes | Internal WebSphere communication might fail |
| SAS_ | No | No | This port is used for communication with version 6.0.x servers federated in a 6.1 or later cell. Should open if you have V6.0 mixed node. |
| CSIV | No | Yes | Required when security enabled |
| CSIV | No | Yes | Required when security enabled |
Application Server ports to be opened
| Port Name/Endpoint Name | Security Disabled | Security Enabled | Reason/Comment |
|---|---|---|---|
| DCS_UNICAST_ADDRESS | Yes | Yes | HA Manager won't work (WLM, DRS, Transaction log recovery etc). All application server DCS ports should be opened. |
Additional firewall considerations
You might choose to separate the WebSphere application servers from
your database and LDAP servers with a firewall. If so, you might have to
open the following ports. These are the default ports; consult
your admin to find out the right port numbers:
- DB2: 50000 and 50001
- Oracle: 1521
- SQL Server: 1433
- LDAP: 389