Hitachi

JP1 Version 12 JP1/Performance Management - Remote Monitor for Platform Description, User's Guide and Reference


E.2 Firewall passage directions

This subsection describes the firewall passage directions for PFM - RM for Platform.

Organization of this subsection

(1) Setting the firewall passage directions

If there is a firewall between PFM - Manager and PFM - RM for Platform, you must set fixed port numbers for all services of PFM - Manager and PFM - RM for Platform. For details, see the section that describes firewall passage directions in the manual JP1/Performance Management Reference.

(a) When the monitored host is running Windows

The port numbers used for WMI is 135/tcp and the port number# assigned by the OS.

#

WMI uses DCOM. Because DCOM uses dynamic port allocation, the port used for DCOM must pass through the firewall.

The following are the standard ranges of ports assigned by the OS:

  • For Windows: 49152 to 65535

For details about the setup method, see the firewall product documentation or contact the firewall product developer.

Usage with a firewall is not suitable because one WMI and DCOM request cannot be separated from another WMI and DCOM request. The following figure shows the recommended configuration.

Figure E‒1: Example of an acceptable configuration for passing through a firewall with the port used in DCOM

[Figure]

(b) When the monitored host is running UNIX

Specify the settings so that the port number specified in the settings for the monitoring target of PFM - RM for Platform is used to pass through the firewall.

The table below shows the values that can be specified for the port number, which is a monitoring target setting. For details about the monitoring target settings, see 3.2.4 Setup procedure for the UNIX edition.

Table E‒2: Port numbers permitted for the monitoring target setting

Setting item

Description

Permitted value

Default value

Port

Port number of the SSH server on the monitored host

From 1 to 65,535

22

(2) Setting the firewall passage directions (when the health check function is used)

If PFM - RM for Platform is to monitor the operating status of a monitored host using the health check function, you must specify the settings so that ICMP communication passes through the firewall.

The following table shows the firewall passage directions.

Table E‒3: Firewall passage directions (between PFM - RM for Platform and a monitored host)

Service name

Communication protocol

Passage direction

Remote Monitor Collector service

ICMP echo request/ICMP echo response

PFM - RM host ← → monitored host

Legend:

← →: Direction in which communication (connection) begins, from the left-hand item to the right-hand item or from the right-hand item to the left-hand item.