Job Management Partner 1/Automatic Job Management System 3 System Design (Configuration) Guide

Appendix A.2 Directions of traffic through a firewall

The following table lists the directions of traffic through a firewall.

JP1/AJS3 supports both packet filtering and NAT (static mode) address translation methods.

Table A-4 Directions of traffic through a firewall (JP1/AJS3)

Program name to be set Service name Port number Direction of the firewall traffic

JP1/AJS3 - Manager
JP1/AJS3 - Agent
Another program^#1 jp1ajs2qman 20241/tcp Agent -> Manager
Manager <--> Manager
Manager <--> Another program^#1

JP1/AJS3 - Manager
JP1/AJS3 - Agent jp1ajs2qagt 20242/tcp Manager -> Agent

JP1/AJS3 - Manager
JP1/AJS3 - Agent jp1ajs2qnfy 20243/tcp Agent -> Manager

JP1/AJS3 - Manager
JP1/AJS3 - View
JP1/AJS3 - Definition Assistant^#2 jp1ajs2monitor 20244/tcp JP1/AJS3 - View -> Manager
Manager <--> Manager
JP1/AJS3 - Definition Assistant^#2 -> Manager

JP1/AJS3 - Manager
Another program^#1 jp1ajs2report#3 20245/tcp Manager <--> Manager
Another program^#1 -> Manager

JP1/AJS3 - Manager jp1ajs2gw 23160/tcp Jobnet connector execution host <-->
Connection-destination jobnet execution host

JP1/AJS3 - Manager
JP1/AJS3 - Agent jp1ajs2eamgr 20246/tcp Agent -> Manager

JP1/AJS3 - Manager
JP1/AJS3 - Agent jp1ajs2eaagt 20247/tcp Manager -> Agent

JP1/AJS3 - Manager
JP1/AJS3 - Agent jp1ajs2qlagt 20300/tcp Manager -> Agent

JP1/AJS3 - Manager
JP1/AJS3 - Agent jp1ajs2qlftp 20301/tcp Agent -> Manager

JP1/AJS3 - Manager
JP1/AJS3 - Agent jp1ajs2chkagt 23139/tcp Manager -> Agent

JP1/AJS3 - Manager jp1ajs2ca 22276/tcp Manager -> Manager

JP1/AJS3 - Manager
JP1/AJS3 - View jp1ajs2cm 22275/tcp JP1/AJS3 - View -> Manager

Legends:

->: One-way, from the left to the right

<-->: Two-way, from the left to the right, or the right to the left

#1

Another program refers to a user program using the functions provided by JP1/NQSEXEC, JP1/OJE for VOS3, or JP1/AJS2. When allowing another program to receive status reports of jobs registered in JP1/AJS3 - Manager, open the job status reporting port specified for the program in the direction of Manager to another program.

For details, see the Job Management Partner 1/NQSEXEC System Administrator's Guide or Job Management Partner 1/NQSEXEC User's Guide when you use JP1/NQSEXEC. When you use JP1/OJE for VOS3, see the manual VOS3 Job Management Partner 1/Open Job Entry.

#2

For details about setting up a firewall, see the manual Job Management Partner 1/Automatic Job Management System 3 - Definition Assistant.

#3

When you activate multiple scheduler services or change the job status reporting port (jp1ajs2report by default) for the scheduler service, open the ports for these services or the changed port as performed for the jp1ajs2report port.

To allow connections over a firewall using the port numbers in the above table, set up the firewall to permit traffic via the port corresponding to the service name and ANY replies to the session established for the port corresponding to the service name. The ANY reply comes about because the OS automatically assigns numbers.

Note the following when installing JP1 products on a firewall server.

Internal communication is also subject to firewall control in some cases. When installing JP1/AJS3 on a server with a firewall, set up the firewall to permit communication between internal processes within the server.

In the case of Windows JP1/AJS3 - Manager, internal processing within the same computer dynamically uses an empty port to carry out local communication at IP address 127.0.0.1 (local host). If the firewall also regards local communication (at 127.0.0.1) as the target of access restriction, set the firewall so as to permit all communications at 127.0.0.1 in addition to the setting mentioned in step 1.

When an option to change the startup method for Jobnet Monitor is enabled in JP1/AJS3 - View, JP1/AJS3 - View dynamically uses an empty port number during the local communications at IP address 127.0.0.1 (localhost). If the firewall restricts local communications (communications at 127.0.0.1), permit all communications at 127.0.0.1.

Program name to be set	Service name	Port number	Direction of the firewall traffic
JP1/AJS3 - Manager JP1/AJS3 - Agent Another program^#1	jp1ajs2qman	20241/tcp	Agent -> Manager Manager <--> Manager Manager <--> Another program^#1
JP1/AJS3 - Manager JP1/AJS3 - Agent	jp1ajs2qagt	20242/tcp	Manager -> Agent
JP1/AJS3 - Manager JP1/AJS3 - Agent	jp1ajs2qnfy	20243/tcp	Agent -> Manager
JP1/AJS3 - Manager JP1/AJS3 - View JP1/AJS3 - Definition Assistant^#2	jp1ajs2monitor	20244/tcp	JP1/AJS3 - View -> Manager Manager <--> Manager JP1/AJS3 - Definition Assistant^#2 -> Manager
JP1/AJS3 - Manager Another program^#1	jp1ajs2report#3	20245/tcp	Manager <--> Manager Another program^#1 -> Manager
JP1/AJS3 - Manager	jp1ajs2gw	23160/tcp	Jobnet connector execution host <--> Connection-destination jobnet execution host
JP1/AJS3 - Manager JP1/AJS3 - Agent	jp1ajs2eamgr	20246/tcp	Agent -> Manager
JP1/AJS3 - Manager JP1/AJS3 - Agent	jp1ajs2eaagt	20247/tcp	Manager -> Agent
JP1/AJS3 - Manager JP1/AJS3 - Agent	jp1ajs2qlagt	20300/tcp	Manager -> Agent
JP1/AJS3 - Manager JP1/AJS3 - Agent	jp1ajs2qlftp	20301/tcp	Agent -> Manager
JP1/AJS3 - Manager JP1/AJS3 - Agent	jp1ajs2chkagt	23139/tcp	Manager -> Agent
JP1/AJS3 - Manager	jp1ajs2ca	22276/tcp	Manager -> Manager
JP1/AJS3 - Manager JP1/AJS3 - View	jp1ajs2cm	22275/tcp	JP1/AJS3 - View -> Manager

[Contents][Back][Next]

[Trademarks]