Hitachi

Job Management Partner 1 Version 10 Job Management Partner 1/Integrated Management - Manager Overview and System Design Guide


C.2 Direction of communication through a firewall

The table below describes the direction in which hosts communicate through a firewall. JP1/IM supports both packet filtering and NAT (static mode).

Table C‒2: Direction of communication through a firewall

| Service name | Port number | Direction of communication |
|---|---|---|
| jp1imevtcon | 20115/tcp | JP1/IM - View -> JP1/IM - Manager (JP1/IM - Central Console) |
| jp1imcmda | 20238/tcp | JP1/IM - View -> JP1/IM - Manager (JP1/IM - Central Console) |
| jp1imcmda | 20238/tcp | JP1/IM - Manager (JP1/IM - Central Console) -> JP1/Base#1 |
| jp1imcss | 20305/tcp | JP1/IM - View -> JP1/IM - Manager (JP1/IM - Central Scope) |
| jp1rmregistry | 20380/tcp | JP1/IM - View -> JP1/IM - Rule Operation |
| jp1rmobject | 20381/tcp | JP1/IM - View -> JP1/IM - Rule Operation |
| jp1imegs | 20383/tcp | Firewall setup is unnecessary because all communication takes place on the machine on which JP1/IM - Manager is installed. |
| JP1/IM-Manager DB Server | 20700/tcp | JP1/IM - Manager -> JP1/IM-Manager DB Server |
| jp1imcf | 20702/tcp | JP1/IM - View -> JP1/IM - Manager (IM Configuration Management) |
| jp1imfcs | 20701/tcp | Firewall setup is unnecessary because all communication takes place on the machine on which JP1/IM - Manager is installed. |
| jimmail | 25/tcp#2 | JP1/IM - Manager -> mail server (SMTP) (without authentication) |
| jimmail | 587/tcp#2 | JP1/IM - Manager -> mail server (SMTP) (with SMTP-AUTH authentication) |
| jimmail | 110/tcp#2 | JP1/IM - Manager -> mail server (POP3) (with POP-before-SMTP authentication) |
| http | 80/tcp#3 | Web-based JP1/IM - View (Web browser) -> Web server |

Legend:

->: Direction of the connection when established

#1: Refers to JP1/Base on the manager.

#2: The destination port number might differ depending on which port is used on the destination server.

#3: The port number might differ depending on the Web server settings.

When a connection is established, the port number in the table is used by the side being connected (the side the arrow points at). The connecting side uses an available port number assigned by the OS. The range of port numbers that can be used is OS-dependent.

When JP1/IM is installed on a firewall server host, communications within that machine may also be subject to the firewall restrictions. In this case, set up the firewall so that services can use the port numbers in the table even for communications within the firewall server host.

For details on operation with a firewall, see 7.3 Operating in a firewall environment in the Job Management Partner 1/Integrated Management - Manager Configuration Guide.
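The following added example (not part of the original manual) shows one way to check observed connections against the fixed JP1/IM ports in Table C-2, matching on the destination port because that is the port the listening side uses. The role labels, addresses and sample flows are constructed assumptions; the same-host JP1/IM - Manager -> JP1/Base entry and the site-dependent mail and HTTP ports are left out.

```python
# Added example (not from the manual). Fixed JP1/IM ports from Table C-2,
# keyed by the listening port, i.e. the side the arrow points at.
# Role labels and all addresses below are constructed for illustration.
ALLOWED = {
    20115: ("view", "manager"),         # jp1imevtcon
    20238: ("view", "manager"),         # jp1imcmda
    20305: ("view", "manager"),         # jp1imcss
    20380: ("view", "rule_operation"),  # jp1rmregistry
    20381: ("view", "rule_operation"),  # jp1rmobject
    20700: ("manager", "db_server"),    # JP1/IM-Manager DB Server
    20702: ("view", "manager"),         # jp1imcf
}
# Ports the table says need no firewall rule (traffic stays on the manager host).
LOCAL_ONLY = {20383: "jp1imegs", 20701: "jp1imfcs"}


def audit(flows, roles):
    """Return [(flow, reason)] for flows on JP1/IM ports that the table does not permit.

    flows: iterable of (source address, destination address, destination port)
    roles: mapping of address -> role label
    """
    findings = []
    for flow in flows:
        src, dst, dport = flow
        pair = (roles.get(src), roles.get(dst))
        if dport in LOCAL_ONLY:
            findings.append((flow, f"{LOCAL_ONLY[dport]} should not leave the manager host"))
        elif dport not in ALLOWED:
            continue  # mail, HTTP, SSH etc. are site-specific; out of scope here
        elif pair == ALLOWED[dport][::-1]:
            findings.append((flow, "reversed direction"))
        elif pair != ALLOWED[dport]:
            findings.append((flow, "unexpected peer"))
    return findings


# Constructed sample data (documentation address ranges).
ROLES = {"192.0.2.10": "view", "198.51.100.5": "manager",
         "198.51.100.6": "rule_operation", "198.51.100.7": "db_server"}
FLOWS = [("192.0.2.10", "198.51.100.5", 20115), ("198.51.100.5", "192.0.2.10", 20115),
         ("192.0.2.10", "198.51.100.5", 20383), ("192.0.2.10", "198.51.100.7", 20700),
         ("192.0.2.10", "198.51.100.6", 20380), ("192.0.2.10", "198.51.100.5", 443)]

if __name__ == "__main__":
    for flow, reason in audit(FLOWS, ROLES):
        print(flow, "->", reason)
```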

(1) Setting the direction in which data passes through the firewall (when remotely monitored host information is collected)

The following connection methods are used to collect remotely monitored host information in JP1/IM - Manager:

In Windows:

SSH, NetBIOS (NetBIOS over TCP/IP), WMI

In UNIX:

SSH

Therefore, when a firewall is placed between JP1/IM - Manager and the monitored hosts, the data must pass through the firewall in the following direction:

JP1/IM - Manager (jcfmain and jcfallogtrap) -> Monitored hosts

Legend: ->: Direction of the connection when established

For an SSH connection

Allow the data to pass through the firewall on the port number specified for the SSH setting in the System Common Settings window of JP1/IM - Manager.

For a NetBIOS (NetBIOS over TCP/IP) connection

Allow the data to pass through the firewall on the port used by NetBIOS (NetBIOS over TCP/IP). For details about the configuration, see the manual for the firewall product, or ask the developer of the firewall product.

Note that this connection cannot be separated from other NetBIOS (NetBIOS over TCP/IP) connections.

For a WMI connection

WMI uses DCOM, and DCOM uses dynamic port assignment. Therefore, allow the data to pass through the firewall on the port used by DCOM. For details about the configuration, see the manual for the firewall product, or ask the developer of the firewall product.

Note that this connection cannot be separated from other WMI or DCOM requests.