Job Management Partner 1/Software Distribution Client Description and User's Guide
Figure 6-4 shows an example of the JP1/Software Distribution system configuration that uses firewalls.
Figure 6-4 Example of the JP1/Software Distribution system configuration using firewalls
When you distribute a package from the managing server through a firewall, you can install a relay system within the firewall to reduce the number of nodes to be defined in the firewall.
For details on the environment settings of the managing server for distributing packages via a firewall, see the manual of your managing server.
- Organization of this subsection
- (1) Useable firewalls
- (2) Port numbers used in JP1/Software Distribution
- (3) Settings for distributing packages via firewalls
(1) Useable firewalls
Table 6-2 shows the most popular firewalls that can be used with a JP1/Software Distribution system.
Table 6-2 Most popular firewalls that can be used with JP1/Software Distribution Client
| Firewall type | Gateway environment | IP address specified in the /etc/hosts file |
|---|---|---|
| Application gateway firewall (one popular product is Gauntlet) | General purpose TCP gateway (Plug-G/W) | Assign the address that corresponds to the service names (port number) used in JP1/Software Distribution Client on the machines where the managing server and the relay system are installed. |
| Application gateway firewall (one popular product is Gauntlet) | Gateway (hs-G/W) that uses Virtual Private Network Support for Gauntlet (VPN). Note that you must use hs-PROXY. | Assign the address specified in the host name definition for the relay system and the managing server as the local host address. |
| Packet filtering firewall (one popular product is FireWall-1) | Packet filtering G/W+NAT function# | Assign the global address specified in the host name definition of the managing server and the relay system as the local host address. |
#: NAT (Network Address Translation) is a facility for making the intra-network addresses invisible to the external networks. NAT also prevents the intra-network addresses from leaking to the external networks. There are two address translation policies:
- Fixed-address allocation
- Dynamic address allocation

JP1/Software Distribution can only use the fixed-address allocation policy (STATIC mode).
(2) Port numbers used in JP1/Software Distribution
When you use JP1/Software Distribution in a firewall environment, you must set port numbers in the firewall.
Table 6-3 shows port numbers used in JP1/Software Distribution.
Table 6-3 Port numbers used in JP1/Software Distribution
| Communication between | Port number | Protocol | Sender information | Recipient information |
|---|---|---|---|---|
| Manager and relay systems | 30002 (udp or tcp#1) | udp | Manager: Ephemeral#2 | Relay system: 30002 |
| | | tcp | Manager: Ephemeral#2 | Relay system: 30002 |
| | 30000 | tcp | Relay system: Ephemeral#2 | Manager: 30000 |
| Relay systems and clients | 30002 (udp or tcp#1) | udp | Relay system: Ephemeral#2 | Client: 30002 |
| | | tcp | Relay system: Ephemeral#2 | Client: 30002 |
| | 30001 | tcp | Client: Ephemeral#2 | Relay system: 30001 |
| Manager and clients | 30002 (udp or tcp#1) | udp | Manager: Ephemeral#2 | Client: 30002 |
| | | tcp | Manager: Ephemeral#2 | Client: 30002 |
| | 30000 | tcp | Client: Ephemeral#2 | Manager: 30000 |
- #1: Select either udp or tcp according to the settings of JP1/Software Distribution Manager.
- #2: Idle Ephemeral ports are allocated automatically by TCP/IP, normally within the port number range from 1024 to 5000.
(3) Settings for distributing packages via firewalls
When you want to distribute packages via firewalls, you must also configure JP1/Software Distribution Client (relay system) as shown below.
- Specify the TCP protocol when setting the port number in the /etc/services file.
- Code the following contents in the settings file:
ClientActionProtocol TCP
ClientActionRetryCount retry-count
ClientActionRetryInterval retry-interval
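The following is an added example, not part of the Hitachi manual: it derives a packet-filter allow-list from Table 6-3 for only those role pairs that actually sit on opposite sides of the firewall, which shows why placing a relay system reduces the nodes to define. The host addresses (RFC 5737 documentation ranges), the function names and the choice of iptables as the packet filter are assumptions.

```python
# Added example (not from the manual): FORWARD allow-list derived from Table 6-3.
# Addresses are constructed from RFC 5737 documentation ranges.
HOSTS = {"manager": "192.0.2.10", "relay": "198.51.100.20",
         "client": "203.0.113.0/24"}

# Rows of Table 6-3: (sender, recipient, recipient port, allowed protocols).
# Port 30002 is "udp or tcp" (footnote #1); 30000 and 30001 are tcp only.
TABLE_6_3 = [
    ("manager", "relay", 30002, ("udp", "tcp")),
    ("relay", "manager", 30000, ("tcp",)),
    ("relay", "client", 30002, ("udp", "tcp")),
    ("client", "relay", 30001, ("tcp",)),
    ("manager", "client", 30002, ("udp", "tcp")),
    ("client", "manager", 30000, ("tcp",)),
]
EPHEMERAL = "1024:5000"  # footnote #2: the range ports are "normally" taken from


def flows(crossing, action_protocol="tcp"):
    """List (src, dst, proto, dport) for role pairs separated by the firewall.
    crossing: set of frozensets, each naming two roles on opposite sides.
    action_protocol: the one protocol selected for port 30002; section (3)
    sets TCP when packages are distributed via a firewall.
    """
    if action_protocol not in ("tcp", "udp"):
        raise ValueError("action_protocol must be 'tcp' or 'udp'")
    result = []
    for src, dst, port, protos in TABLE_6_3:
        if frozenset((src, dst)) in crossing:
            proto = action_protocol if len(protos) > 1 else protos[0]
            result.append((src, dst, proto, port))
    return result


def iptables_rules(crossing, action_protocol="tcp", pin_sport=False):
    """Render the flows as iptables commands ending in a default deny."""
    # Replies to permitted connections are matched by connection tracking.
    rules = ["iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for src, dst, proto, port in flows(crossing, action_protocol):
        # Pinning the source range is optional: footnote #2 says "normally".
        sport = f" --sport {EPHEMERAL}" if pin_sport else ""
        rules.append(f"iptables -A FORWARD -p {proto} -s {HOSTS[src]}{sport} "
                     f"-d {HOSTS[dst]} --dport {port} -j ACCEPT")
    rules.append("iptables -A FORWARD -j DROP")
    return rules


if __name__ == "__main__":
    print("\n".join(iptables_rules({frozenset(("manager", "relay"))})))
```

With only the manager and relay system separated by the firewall, the output contains two ACCEPT rules for new connections (TCP 30002 toward the relay system, TCP 30000 toward the manager); passing the manager and client pair instead makes every client address part of the rule set.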
All Rights Reserved. Copyright (C) 2009, Hitachi, Ltd.