D.2 Firewall passage directions
This subsection describes the firewall passage directions for PFM - RM for Platform.
- Organization of this subsection
(1) Setting the firewall passage directions
If there is a firewall between PFM - Manager and PFM - RM for Platform, you must set fixed port numbers for all services of PFM - Manager and PFM - RM for Platform. For details, see the section that describes firewall passage directions in the manual JP1/Performance Management Reference.
(a) When the monitored host is running Windows
The port numbers used for WMI is 135/tcp and the port number# assigned by the OS.
- #
-
WMI uses DCOM. Because DCOM uses dynamic port allocation, the port used for DCOM must pass through the firewall.
The following are the standard ranges of ports assigned by the OS:
-
For Windows Server 2003: 1025 to 5000
-
For Windows Server 2008 or later: 49152 to 65535
For details about the setup method, see the firewall product documentation or contact the firewall product developer.
Usage with a firewall is not suitable because one WMI and DCOM request cannot be separated from another WMI and DCOM request. The following figure shows the recommended configuration.
Figure D‒1: Example of an acceptable configuration for passing through a firewall with the port used in DCOM ![[Figure]](GRAPHICS/ZU990010.GIF)
-
(b) When the monitored host is running UNIX
Specify the settings so that the port number specified in the settings for the monitoring target of PFM - RM for Platform is used to pass through the firewall.
The table below shows the values that can be specified for the port number, which is a monitoring target setting. For details about the monitoring target settings, see 3.2.4 Setup procedure for the UNIX edition.
|
Setting item |
Description |
Permitted value |
Default value |
|---|---|---|---|
|
Port |
Port number of the SSH server on the monitored host |
From 1 to 65,535 |
22 |
(2) Setting the firewall passage directions (when the health check function is used)
If PFM - RM for Platform is to monitor the operating status of a monitored host using the health check function, you must specify the settings so that ICMP communication passes through the firewall.
The following table shows the firewall passage directions.
|
Service name |
Communication protocol |
Passage direction |
|---|---|---|
|
Remote Monitor Collector service |
ICMP echo request/ICMP echo response |
PFM - RM host ← → monitored host |
- Legend:
-
← →: Direction in which communication (connection) begins, from the left-hand item to the right-hand item or from the right-hand item to the left-hand item.