C.2 Direction of communication through a firewall
The table below describes the direction in which hosts communicate through a firewall. JP1/IM supports both packet filtering and NAT (static mode).
|
Service name |
Port number |
Direction of communication |
|---|---|---|
|
jp1imevtcon |
20115/tcp |
JP1/IM - View -> JP1/IM - Manager (Central Console) |
|
jp1imcmda |
20238/tcp |
JP1/IM - View -> JP1/Base#1 JP1/IM - Manager (Central Console) -> JP1/Base#1 |
|
jp1imcss |
20305/tcp |
JP1/IM - View -> JP1/IM - Manager (Central Scope) |
|
jp1rmregistry |
20380/tcp |
JP1/IM - View -> JP1/IM - Rule Operation |
|
jp1rmobject |
20381/tcp |
|
|
jp1imegs |
20383/tcp |
Firewall setup is unnecessary because all communication takes place on the machine on which JP1/IM - Manager is installed. |
|
jddmain |
20703/tcp |
Web browser -> JP1/IM - Manager (Intelligent Integrated Management Base) |
|
None#2 |
Port number of the IM database#3 |
JP1/IM - Manager (physical host) -> JP1/IM - Manager (IM database (physical host)) |
|
Port number of the IM database#4 |
JP1/IM - Manager (logical host) -> JP1/IM - Manager (IM database (logical host)) |
|
|
jp1imcf |
20702/tcp |
JP1/IM - View -> JP1/IM - Manager (IM Configuration Management) |
|
jp1imfcs |
20701/tcp |
Firewall setup is unnecessary because all communication takes place on the machine on which JP1/IM - Manager is installed. |
|
jimmail |
25/tcp#5 |
JP1/IM - Manager -> mail server (SMTP) (without authentication) |
|
587/tcp#5 |
JP1/IM - Manager -> mail server (SMTP) (with SMTP-AUTH authentication) |
|
|
110/tcp#5 |
JP1/IM - Manager -> mail server (POP3) (with POP-before-SMTP authentication) |
- Legend:
-
->: Direction of the connection when established
#1: Refers to JP1/Base on the manager.
#2: Not registered in the services file.
#3: This is the port number for the IM database (physical host) that was set in the setup information file when the IM database was set up on the physical host.
#4: This is the port number for the IM database (logical host) that was set in the cluster setup information file when the IM database was set up on the logical host.
#5: The destination port number might differ depending on which port is used on the destination server.
#6: The port number might differ depending on the HTTP server settings.
When a connection is established, the port number in the table is used by the side being connected (the side towards which the arrow points). The connecting side uses an available port number assigned by the OS. The range of port numbers that can be used depends on the OS.
When JP1/IM is installed on a server host with a firewall, communications within that machine might also be subject to the firewall restrictions. In such a case, set up the firewall so that services can use the port numbers in the table even for communications within the firewall server host.
For details about operation with a firewall, see 9.3 Operating in a firewall environment in the JP1/Integrated Management 2 - Manager Configuration Guide.
- Organization of this subsection
(1) Setting the direction in which data passes through the firewall (when remotely monitored host information is collected)
The following connection methods are used to collect remotely monitored host information in JP1/IM - Manager:
- In Windows:
-
SSH, NetBIOS (NetBIOS over TCP/IP), WMI
- In UNIX:
-
SSH
Therefore, when you place JP1/IM - Manager and monitored hosts via a firewall, the data must pass through the firewall as follows:
JP1/IM - Manager (jcfmain and jcfallogtrap) -> Monitored hosts
Legend: ->: Direction of the connection when established
- For an SSH connection
-
Let the data pass through the firewall using the port number specified for the SSH setting in the System Common Settings window of JP1/IM - Manager.
- For a NetBIOS (NetBIOS over TCP/IP) connection
-
Let the data pass through the firewall using the port used by NetBIOS (NetBIOS over TCP/IP). For details about the configuration, see the manual for the firewall product, or ask the developer of the firewall product.
Note that the connection cannot be separated from other NetBIOS (NetBIOS over TCP/IP) connections.
- For a WMI connection
-
WMI uses DCOM. DCOM uses dynamic port assignment. Therefore, let the data pass through the firewall using the port used by DCOM. For details about the configuration, see the manual for the firewall product, or ask the developer of the firewall product.
Note that the connection cannot be separated from other WMI or DCOM requests.