Kbase P58464: What ports need to be opened between Web server & AIA / WSA and the NameServer & AppServer
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
08/04/2008 |
|
Status: Verified
GOAL:
What firewall ports need to be opened between Web server & AIA and the NameServer & AppServer
GOAL:
What firewall ports need to be opened between Web server & WSA and the NameServer & AppServer
FACT(s) (Environment):
Progress 9.1x
OpenEdge 10.x
JRun
ServletExec
Tomcat
All Supported Operating Systems
FIX:
The ports that need to be open between the JSE running the AIA / WSA and the NameServer/AppServer are the same regardless of which specific Java Servlet Engine and Web server is used. The only difference may result from the AppServer operating mode and whether the NameServer is used for the AIA / WSA or not.
For the Stateless and Statefree AppServer the ports that need to be open are:
AIA or WSA -------- 5162 / UDP --------> NameServer
AIA or WSA <-------- (minNSClientPort <> maxNSClientPort) / UDP -------- NameServer
AIA or WSA <-------- broker_Port / TCP --------> AppServer broker
For the StateReset and StateAware AppServer the ports that need to be open are:
AIA or WSA -------- 5162 / UDP --------> NameServer
AIA or WSA <-------- (minNSClientPort <> maxNSClientPort) / UDP -------- NameServer
AIA or WSA <-------- broker_Port / TCP --------> AppServer broker
AIA or WSA <-------- (srvrMinPort <> srvrMaxPort) / TCP --------> AppServer servers
When the AIA / WSA does not use controlling NameServer, but connects directly to the AppServer broker port, then there is no need to open any UDP ports.
Notes:
1. If the NameServer UDP port range is not set in the AIA / WSA (deployed Web Service) properties using minNSClientPort and maxNSClientPort parameters, then all UDP ports needs to be opened.
2. If the AppServer server port range is not set in the AppServer broker's properties using srvrMinPort and srvrMaxPort parameters, then all TCP ports need to be opened (valid only for StateReset and StateAware AppServer operating modes).
Apart from the opening required ports in the firewall, in case where the firewall also does network address translation (NAT), the AppServer broker needs to register with the NameServer using the IP address, or a host name that is resolvable from the AIA / WSA side. That requires modifying the AppServer's ubroker.properties and adding the following properties in the AppServer broker section, e.g.:
[UBroker.AS.asbroker1]
registrationMode=Register-HostName
hostName=<External IP address or host name visible to AIA / WSA>